Identity

Dynamics 365 for Finance and Operations cloud deployment uses Azure AD for identity management and authentication. Microsoft Azure AD is a modern, cloud-based service that provides identity management and access control capabilities for your cloud applications. You can use Azure AD Connect to integrate and synchronize with an on-premises Windows Active Directory and provide single sign-on (SSO) for users and devices. Azure Active Directory not only powers identity and access management for Dynamics 365 but also supports many other SaaS-based web applications, such as Office 365, NetSuite, ServiceNow, Salesforce, Workday, and many more third-party web applications. The following diagram shows the high-level capabilities of Azure AD:

Cloud deployment of Dynamics 365 for Finance and Operations uses Azure AD and the SAML 2.0 (Security Assertion Markup Language) protocol for the authentication and authorization process. The following diagram depicts in simple steps how this happens:

As the diagram shows, the user logs on to Dynamics 365 for Finance and Operations, Enterprise edition using a browser (step 1) and is redirected to the Azure AD login page for authentication (step 2). The user logs in to Azure AD using their user ID and password. Azure AD authenticates the user, generates the SAML 2.0 token, and redirects back to Dynamics 365 for Finance and Operations, Enterprise edition with the security token (steps 3 and 4). Finally, Dynamics 365 for Finance and Operations validates the security token, authorizes the user (if the user is registered as a valid user in the application), and displays the start page.

The on-premises deployment option uses ADFS for authentication and Active Directory for identity management. The following diagram shows the authentication flow in an on-premises deployment:

As shown in the diagram, the authentication flow for on-premises deployment is similar to the cloud deployment. The only difference is that in the cloud, Azure AD acts as both the STS and the identity provider, whereas in an on-premises deployment, ADFS is the STS and Active Directory is the identity provider.

A security token service (STS) is a software-based identity provider responsible for issuing security tokens as part of a claims-based identity system.
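The following is an added example, not code from the book or from Microsoft, that models both sides of the token flow described above for the cloud and on-premises cases: the STS (Azure AD or ADFS) issues a SAML 2.0 bearer assertion after authenticating the user, and the relying party (Dynamics 365) validates that assertion before authorizing the user. The issuer URL, audience URI, user names and request IDs are constructed values; the HMAC over the assertion bytes is a stand-in for the XML-DSig signature a real STS produces with its signing certificate, used here so the example runs offline with the standard library only.

```python
# Added example (not from the book or Microsoft): a minimal model of the SAML 2.0
# bearer flow. sts_issue() is the STS side (step 3); rp_validate() is the Dynamics 365
# side (final step). Names, URLs and the HMAC stand-in for XML-DSig are assumptions.
import hmac
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed values: an Azure AD-style issuer URL and the relying party's audience URI.
ISSUER = "https://sts.windows.net/EXAMPLE-TENANT-ID/"
AUDIENCE = "https://d365.contoso.example/"
# Stand-in for the STS signing certificate: real SAML uses XML-DSig with the IdP's
# RSA key; an HMAC over the raw assertion bytes keeps this runnable offline.
SIGNING_KEY = b"constructed-demo-key"

ASSERTION_TEMPLATE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="{assertion_id}" Version="2.0" IssueInstant="{issued}">'
    "<saml:Issuer>{issuer}</saml:Issuer>"
    "<saml:Subject><saml:NameID>{name_id}</saml:NameID>"
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
    '<saml:SubjectConfirmationData InResponseTo="{request_id}" '
    'Recipient="{audience}" NotOnOrAfter="{expires}"/>'
    "</saml:SubjectConfirmation></saml:Subject>"
    '<saml:Conditions NotBefore="{issued}" NotOnOrAfter="{expires}">'
    "<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)


def sign(assertion: bytes) -> str:
    return hmac.new(SIGNING_KEY, assertion, hashlib.sha256).hexdigest()


def sts_issue(name_id, request_id, now, lifetime=timedelta(minutes=5)):
    """STS side (step 3): the user has authenticated; issue a signed bearer assertion."""
    assertion = ASSERTION_TEMPLATE.format(
        assertion_id="_" + hashlib.sha256((name_id + request_id).encode()).hexdigest()[:16],
        issued=now.strftime(TIME_FMT), expires=(now + lifetime).strftime(TIME_FMT),
        issuer=ISSUER, audience=AUDIENCE, name_id=name_id, request_id=request_id,
    ).encode()
    return assertion, sign(assertion)


def rp_validate(assertion, signature, pending_requests, registered_users, now,
                clock_skew=timedelta(minutes=2)):
    """Relying-party side (final step): validate the token, then authorize the user.
    Returns (accepted, reason, application_user)."""
    # Signature first: nothing in the XML can be trusted before it is verified.
    if not hmac.compare_digest(sign(assertion), signature):
        return False, "signature invalid", None
    root = ET.fromstring(assertion)
    if root.findtext("saml:Issuer", namespaces=NS) != ISSUER:
        return False, "issuer is not the configured STS", None
    cond = root.find("saml:Conditions", NS)
    not_before = datetime.strptime(cond.get("NotBefore"), TIME_FMT).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(cond.get("NotOnOrAfter"), TIME_FMT).replace(tzinfo=timezone.utc)
    if not (not_before - clock_skew <= now < not_after + clock_skew):
        return False, "assertion outside its validity window", None
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if AUDIENCE not in audiences:
        return False, "assertion was issued for a different application", None
    data = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    request_id = data.get("InResponseTo")
    if request_id not in pending_requests:
        return False, "InResponseTo does not match an outstanding request (replay?)", None
    pending_requests.discard(request_id)  # each assertion is accepted exactly once
    # Authentication succeeded; authorization still needs a registered application user.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    app_user = registered_users.get(name_id)
    if app_user is None:
        return False, f"{name_id} authenticated but is not a registered user", None
    return True, "ok", app_user


def demo():
    """Run the flow for several cases and return the outcomes keyed by case name."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    users = {"alice@contoso.example": "alice"}  # constructed registered application users
    results = {}
    assertion, sig = sts_issue("alice@contoso.example", "_req1", now)
    pending = {"_req1"}
    results["valid"] = rp_validate(assertion, sig, pending, users, now)
    results["replayed"] = rp_validate(assertion, sig, pending, users, now)
    results["tampered"] = rp_validate(assertion.replace(b"alice", b"mallory"), sig, {"_req1"}, users, now)
    results["expired"] = rp_validate(assertion, sig, {"_req1"}, users, now + timedelta(minutes=10))
    assertion2, sig2 = sts_issue("bob@contoso.example", "_req2", now)
    results["unregistered"] = rp_validate(assertion2, sig2, {"_req2"}, users, now)
    return results


if __name__ == "__main__":
    for case, (accepted, reason, user) in demo().items():
        print(f"{case:12} accepted={accepted} user={user} ({reason})")
```

The order of checks in `rp_validate` is the point worth keeping: the signature is verified before any field is read, the issuer and audience pin the token to this STS and this application, the validity window allows a small clock skew, and `InResponseTo` is consumed so a captured assertion cannot be presented twice. The final lookup separates authentication (the STS vouched for the user) from authorization (the user exists in the application), which is the distinction the chapter's last step describes.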