Deploying Microsoft Dynamics GP Web Client with Office 365 Identity and Azure Active Directory - Part 1

Hi! Lately I have been seeing a number of questions on forums about deploying Microsoft Dynamics GP Web Client using Office 365 identity. So I figured I would take a deep dive into this topic by providing a bit of background and the steps to achieve a successful deployment. What you need to know is that you have a range of options.


Office 365 uses the Azure Active Directory (Azure AD) cloud-based user authentication service to manage users. This service provides 3 identity models that can be used to manage user accounts:

Cloud identity. In this scenario, accounts are managed in Office 365 only. All the administration is done in the cloud, requiring no on-premises servers to manage the accounts.

Synchronized identity. In this case, your on-premises directory objects are synchronized with Office 365, with the bulk of the administration done from your on-premises server. Passwords can be synchronized so that users have the same password both on-premises and in the cloud. The downside to this approach is that users will need to sign in twice: once to the local domain and again to access Office 365.

Federated identity. This identity management model allows you to synchronize your on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. This is often referred to as single sign-on.

The following video describes in more detail how each of these identity models works:

Most organizations will fall within the Synchronized or Federated model, but as more and more organizations move to a pure cloud model, cloud identities are becoming very common.

In my next article, I will go into the prerequisites to deploy Microsoft Dynamics GP Web Client with Office 365.

Until next post!

Mariano Gomez, MVP