Monday, 18 January 2016

Set the .NET Business Connector proxy account

Some components require that the .NET Business Connector be configured to connect to Microsoft Dynamics AX with a proxy account. The use of a proxy enables the .NET Business Connector to connect on behalf of Microsoft Dynamics AX users when authenticating with an AOS instance.
The Business Connector proxy is a Microsoft Windows domain account that is configured from the initialization checklist, or in the Administration > Setup > Security > System accounts form.
Work with a system administrator to create a new account for the Business Connector before you install it. We recommend that the account be set up as follows:
  • Must be a Windows domain account
  • Must be a dedicated account (used only by Business Connector)
  • Must have a password that does not expire
  • Must not have interactive logon rights
  • Must not be a Microsoft Dynamics AX user.

If a malicious user learns the Business Connector proxy credentials (name and password), that user could gain unauthorized access to sensitive information, and potentially damage the Microsoft Dynamics AX application. For this reason, only Microsoft Dynamics AX administrators should know the proxy credentials.
To set up and configure the Business Connector proxy, you must perform the following steps.
  1. Create the proxy account in Active Directory.
  2. Add the proxy account to the IIS local Windows group.
  3. Configure the IIS application pool.
  4. Install the .NET Business Connector.
  5. Specify the Business Connector proxy user in Microsoft Dynamics AX.
Create the proxy account in Active Directory

  1. Create a unique user in Active Directory in the form domain\username, for example, domain\bcproxy. This user must not have the same name as an existing Microsoft Dynamics AX user. For the procedure to add a new user, see the Active Directory documentation.
  2. Assign a password to the user.
  3. Select the Password does not expire option.
  4. Select the No interactive logon rights option.
  5. Close Active Directory.
Add the proxy account to the IIS local Windows group

For Web applications, you must add the Business Connector proxy account to the IIS local Windows group. If you are using Windows SharePoint Services, you must also add the account to the Windows SharePoint Services local Windows group.
  1. Open the Computer Management application (Start > Administrative Tools > Computer Management).
  2. Expand the Groups folder under Local Users and Groups.
  3. Add the Business Connector proxy account to the following groups:
    • IIS_WPG (IIS Worker Process Group)
    • STS_WPG (STS Worker Process Group), if running Windows SharePoint Services
Specify the Business Connector proxy user in Microsoft Dynamics AX

  1. Start Microsoft Dynamics AX (Start > All Programs > Microsoft Dynamics > Microsoft Dynamics AX).
  2. Open the System service accounts form: Administration > Setup > Security > System service accounts.
  3. In the Business Connector Proxy section of the form, enter the alias and the domain of the user.
  4. Click OK.

No comments:

Post a Comment