Overview
KORE’s CRM-integrated products support Microsoft Dynamics via Dataverse . Historically, KORE customers created a 'service' account for KORE to use to access the CRM. This required a full CRM license, username, and password. KORE securely stores these credentials and uses them to access various Microsoft APIs.
With the deprecation of WS-Trust authentication, KORE has moved to a more modern server-to-server authentication method with OAUTH. This change provides two key benefits for you:
- KORE will no longer require a dedicated CRM user license for the 'service' account that you must pay for
- The new method doesn't use a username and password that could be compromised, improving security
Preparing the change
Grant permissions
First, an admin of your Azure environment must provide consent to KORE to connect to your system. KORE will provide a URL to begin the process. This URL can only be used by an Azure Administrator and will install KORE's Enterprise Azure Application into your environment. This is used to give KORE's platform permissions to authenticate (via OAUTH) with your tenant.
This Azure App is also used for our Platform and SSO solution (https://help.koresoftware.com/hc/en-us/articles/22543920363799-KORE-Platform-Overview)
- Open the page and enter the domain(s) of users in your Azure AD Tenant that require access to KORE products. If you have more than one domain, enter them as comma separated values (for example: @koresoftware.com,@koreinteractive.com)
- Click the "Next" button. The system will validate the Tenant ID of the domain(s) entered.
a. If you wish to confirm the Tenant ID matches the expected value of your Dynamics 365 environment, navigate to make.powerapps.com
b. Select the desired "Environment" from the dropdown on the top navigation bar
c. Select the "Settings" icon on a click on "Session Details"
d. The Tenant ID of the D365 Environment will be displayed - If no errors, click "Next" and you'll be redirected to Microsoft's site
- Sign in there if you haven't already, then review and accept KORE's permissions request.
You'll then be redirected back to KORE's site which shows a success message.
Note: If you ever need to revoke these permissions, visit portal.azure.com and select Azure Active Directory. Search for the KORE Software Connect enterprise application, then open its properties and delete it. This will prevent your KORE CRM products from working.
Create the application user
Next, follow Microsoft's instructions to create the application user that KORE's server will use to communicate with your CRM. This does not require an additional user license.
In step 6, verify that the Application ID is a3846c22-60d3-4ebb-9d09-b2712b467e04
.
In step 8, set the security role to “Kore – Service Account Administrator” if it exists. Otherwise, set the security role to “System Administrator”.
Note: If you have difficulty creating the application user through the Microsoft Power Platform admin center, you can alternatively create the application user in your Dynamics environment.
Activating the change
After completing the steps above, your KORE Success consultant will schedule a time with you to activate the new authentication method. We can do this outside of your normal business hours to avoid any disruption.
At the scheduled time, KORE will switch to the new authentication method and verify that the system is working. If there’s any problem, we’ll revert the change and follow up with you to troubleshoot.
Once the change has been made and verified, KORE will let you know when it’s safe to disable the old service account.