Microsoft’s Dynamics 365 for Customer Service is one of the amazing features of Office 365 suite of collaborative and productive apps. Microsoft Office 365 users can log in once to the site and use any Office 365 app, including Microsoft Dynamics 365 for Customer Interaction. It is also capable of creating system user account for D365 customer attachment with online service admin.
In an Active Directory-based network, federation lets applications connect to Dynamics 365 for Customer Service using the same set of user identities and credentials.
Users of Dynamics 365 Customer attachment (on-premises) can connect to the service via the Microsoft Online Services platform should refer to this guidance.
Clients of Dynamics 365 Customer Experience (on-premises) with an Office 365 subscription can use a single sign-on to gain access to all Office 365-supported applications, including Microsoft Exchange Online, thanks to the two services’ interconnectivity.
Office 365 clients can use Microsoft 365 attachment with customers (on-premises) in the same way that they can when they are provisioned. Additionally, organizations can administer a single set of user identifiers in their Active Directory region and in Microsoft Dynamics Customer attachment by federating domains’ Active Directory accounts in Windows cloud services (on-premises).
Controlling User Identities Using Microsoft’s cloud-based
The identity provider of the currently logged-in user of Microsoft Dynamics 365 Customer attachment (on-premises) must be known by your apps in order to successfully access the web services hosted by Microsoft Dynamics Customer Engagement (on-premises).
In order to gain access to the web services via SDK calls, the user’s authentication credentials must be configured in a somewhat different manner for each provider.
Microsoft Dynamics 365 Customer Feedback (on-premises) and Microsoft Online Services’ providing enable two identity providers:
User ID or File Servers (through cloud federation). An introduction to these identification services and their connection to Microsoft Dynamics 361 Customer Experience (on-premises) are provided below.
User ID is the identity supplier for all clients who have committed to the Office 365 acceptable standard, and it reflects user IDs supplied by clients in Microsoft cloud services. With your Microsoft ID, you may access all of Microsoft’s cloud-based offerings, including Microsoft Exchange Internet and Microsoft Dynamics Customer Satisfaction (on-premises).
Microsoft Online Services is where users who have a User ID can manage their account information and security settings.
Users with User IDs will be called “controlled” or “non-federated” users in this documentation.
Local Management of Active directory
Because of Active Directory Federation (on-premises), customers can sign into Microsoft Online Services such as Office 365 and Dynamics 365 Customer attachment using the same domain credentials they use for Active Directory. Once federation has been set up, local management of Active Directory-based system user accounts is possible, and those accounts can be made accessible to Microsoft Online Services and kept in sync with changes that have been made to the existing on-premises Active Directory identifiers.
The federation between Dynamics 365 Customer Satisfaction (on-premises) and Microsoft Dynamics Customer Engagement (online) allows users to log in once and access both platforms. Organizations with a large number of regular employees can benefit from this kind of authentication process.
Microsoft Account-Based Identity Management
Microsoft Dynamics Customer attachment still works with Microsoft accounts as identity providers (on-premises). However, businesses using Microsoft Online Services to deploy Dynamics 365 Customer Experience (on-premises) will not be able to use a Microsoft account. Customers of Microsoft Dynamics Customer Engagement (on-premises) who have not subscribed to Office 365 can still use the service by signing in with their existing Microsoft account credentials.
Single sign-on route map
with single sign-on (SSO), you and your team may log into Microsoft’s cloud services using your organization’s existing Active Directory credentials. A securitization service (STS) and Active Directory synchronisation are pre requisites for single sign-on.
In order to put SSO into action, you need to do the following:
- Get ready for a single login system.
- Construct a security token service that operates locally.
- Construct a directory synchronisation system.
- Check that a single sign-on is functioning properly.
- Install a security token service in-house.
If you want to give your local and distant Active Directory users single sign-on to the cloud service, you’ll need to create a new on-premises STS architecture after you’ve finished preparing your environment for SSO. For single sign-on deployment, you can use an existing STS that works with Azure Active Directory instead of building new infrastructure.
Configure Active Directory Synchronisation
Active Directory synchronisation must also be configured for single sign-on to function effectively. This entails ensuring that a tool is activated and installed, as well as checking that directories are being synchronized. Once directory synchronisation verification is complete, synchronized users can be made active. Users’ identities in the cloud storage service are accurately reflected when single sign-on is used in conjunction with directory synchronisation.
Single sign-on verification
The final step in preparing your Active Directory synchronisation environment is to double-check that your single sign-on (STS) and cloud service are both operational.
DirSync enables single sign-on.
When you want to streamline your employees’ access to cloud services like Office 365 and Microsoft InTune using their established Active Directory corporate credentials, you can implement a hybrid-based directory connection type of scenario in Azure Active Directory called single sign-on, also known as identity federation. Customers would have to remember two sets of credentials—one for the cloud service and another for the on-premises version—if you didn’t offer single sign-on.
By facilitating identity federation, an STS allows for centralized authentication, authorization, and SSO to be extended to cloud, partner, and on-premises networks and their respective Web applications and services. A federated trust will be established among your on-premises STS as well as the federal domain you specify in your Azure AD domain when you setup an STS to allow SSO connection with a Windows cloud service.
Azure Active Directory works with one of these two securities tokens.
providers to make single sign-on scenarios easier:
- Services for Active Directory Federation Services (AD FS)
- Provider of Shibboleth Identities
- Validation Service Providers
Access to several cloud services can be provided by integrating your on-premises Active Directory and STS server farm with Azure Active Directory, as shown in the following figure. For single sign-on to work, a federated trust must be created among your STS and Microsoft’s Azure Active Directory (AD). When an end user in your local Active Directory authenticates with your on-premises STS, their requests are routed through the federated trust. Users will be able to access all of the cloud services in which you have enrolled without having to create new accounts for each.
Benefits of Cloud Services
If your firm has subscribed to a cloud service, implementing single sign-on will allow your employees to access it using their existing corporate credentials. Users don’t have to sign in over and over again or keep track of a lot of different passwords.
There are various advantages for administrators as well as users.
Administrators don’t have to use cloud-based solutions to use Active Directory’s policy control features to manage security protocols, workstation limits, hold controls, and other things.
The administrator can decide whether cloud services can be accessed only from servers inside the company’s firewall, from servers outside the company’s firewall, or from both.
Help desk tickets for forgotten credentials are a major drain on any business. Users are less inclined to forget their passwords if there are fewer of them.
All of the services and servers that are needed for single sign-on are run and managed by the company itself. This makes sure that all user identities and data are safe.
With the cloud service, you may take advantage of robust authentication, also known as two-factor authentication. Strong authentication, on the other hand, mandates the use of single sign-on. Strong authentication can’t always be used without certain caveats.