KORE’s CRM-integrated products support Microsoft Dynamics via Dataverse (formerly called Common Data Service). Historically, KORE customers created a 'service' account for KORE to use. This requires a CRM license, username, and password. KORE securely stores the credentials and uses them to access various Microsoft APIs.
Microsoft is winding down support for WS-Trust, which is the authentication method we use with the 'service' account. As a result, KORE is moving to a new server-to-server authentication method. This change provides two key benefits for you:
- KORE will no longer require a CRM user license for the 'service' account that you must pay for.
- The new method doesn't use a username and password that could be compromised, improving security.
Warning: Do not disable the existing service account until KORE notifies you that it is safe to do so.
Preparing the change
First, an admin of your Azure environment must provide consent to KORE to connect to your system. KORE will provide a URL to begin the process. This URL can only be used by an Azure Administrator and will install KORE's Enterprise Azure Application into your environment. This is used to give KORE's platform permissions to authenticate (via OAUTH) with your tenant.
- Open the page and enter the domain(s) of users in your Azure AD Tenant that require access to KORE products. If you have more than one domain, enter them as comma separated values (for example: @koresoftware.com,@koreinteractive.com)
- Click the "Next" button. The system will validate the Tenant ID of the domain(s) entered.
a. If you wish to confirm the Tenant ID matches the expected value of your Dynamics 365 environment, navigate to make.powerapps.com
b. Select the desired "Environment" from the dropdown on the top navigation bar
c. Select the "Settings" icon on a click on "Session Details"
d. The Tenant ID of the D365 Environment will be displayed
- If no errors, click "Next" and you'll be redirected to Microsoft's site
- Sign in there if you haven't already, then review and accept KORE's permissions request.
You'll then be redirected back to KORE's site which shows a success message.
Note: If you ever need to revoke these permissions, visit portal.azure.com and select Azure Active Directory. Search for the KORE Software Connect enterprise application, then open its properties and delete it. This will prevent your KORE CRM products from working.
Create the application user
Next, follow Microsoft's instructions to create the application user that KORE's server will use to communicate with your CRM. This does not require a user license.
In step 6, verify that the Application ID is
In step 8, set the security role to “Kore – Service Account Administrator” if it exists. Otherwise, set the security role to “System Administrator”.
Note: If you have difficulty creating the application user through the Microsoft Power Platform admin center, you can alternatively create the application user in your Dynamics environment.
Activating the change
After completing the steps above, your KORE Success consultant will schedule a time with you to activate the new authentication method. We can do this outside of your normal business hours to avoid any disruption.
At the scheduled time, KORE will switch to the new authentication method and verify that the system is working. If there’s any problem, we’ll revert the change and follow up with you to troubleshoot.
Once the change has been made and verified, KORE will let you know when it’s safe to disable the old service account.