Overview
KORE’s CRM-integrated products support Microsoft Dynamics via Dataverse (formerly called Common Data Service). Historically, KORE customers created a 'service' account for KORE to use. This requires a CRM license, username, and password. KORE securely stores the credentials and uses them to access various Microsoft APIs.
Microsoft is winding down support for WS-Trust, which is the authentication method we use with the 'service' account. As a result, KORE is moving to a new server-to-server authentication method. This change provides two key benefits for you:
- KORE will no longer require a CRM user license for the 'service' account that you must pay for.
- The new method doesn't use a username and password that could be compromised, improving security.
Warning: Do not disable the existing service account until KORE notifies you that it is safe to do so.
Preparing the change
Grant permissions
First, an admin of your Azure environment must provide consent for KORE to connect to your system. KORE will provide a URL to begin the process. Open the page and enter your organizations' Tenant ID. (You can find this ID at portal.azure.com and selecting Azure Active Directory.) Also enter your organization's domain name.
Click Request Consent and you'll be redirected to Microsoft's site. Sign in there if you haven't already, then review and accept KORE's permissions request.
You'll then be redirected back to KORE's site which shows a success message.
Note: If you ever need to revoke these permissions, visit portal.azure.com and select Azure Active Directory. Search for the KORE Software Connect enterprise application, then open its properties and delete it. This will prevent your KORE CRM products from working.
Create the application user
Next, follow Microsoft's instructions to create the application user that KORE's server will use to communicate with your CRM. This does not require a user license.
In step 6, verify that the Application ID is a3846c22-60d3-4ebb-9d09-b2712b467e04
.
In step 8, set the security role to “Kore – Service Account Administrator” if it exists. Otherwise, set the security role to “System Administrator”.
Note: If you have difficulty creating the application user through the Microsoft Power Platform admin center, you can alternatively create the application user in your Dynamics environment.
Activating the change
After completing the steps above, your KORE Success consultant will schedule a time with you to activate the new authentication method. We can do this outside of your normal business hours to avoid any disruption.
At the scheduled time, KORE will switch to the new authentication method and verify that the system is working. If there’s any problem, we’ll revert the change and follow up with you to troubleshoot.
Once the change has been made and verified, KORE will let you know when it’s safe to disable the old service account.