Single Sign-on for Dynamics GP Demystified

Visit Website View Our Posts

The introduction of the web client for Dynamics GP added another interesting feature, Identity Management. Practically speaking GP’s Identity Management is a form of single sign-on that allows users to sign into the Dynamics GP web client with their network or organizational account.  Identity management is a web client feature, so it only works with the Dynamics GP web client.

Single sign-on provides a number of benefits. Users have fewer passwords to manage. This reduces support calls and can improve security with fewer entry points to manage. Password management is also more consistent with policies for password length, complexity, and expiration controlled by Active Directory (AD).

While Identity Management is an option for firms using the Dynamics GP web client, companies using the desktop client don’t have access to this feature from Microsoft. This restriction applies to the desktop client delivered via Citrix or Terminal Services as well.  Those organizations using a hybrid mix of desktop and web clients are left with inconsistent login processes if they opt for Identity Management built into GP.

Companies with desktop and hybrid deployments of GP do have a great option for single sign on. Fastpath’s Config AD is the only option providing single sign-on capabilities across all of the Dynamics GP deployment options. Config AD connects Active Directory to Dynamics GP. This allows users to sign-in to Dynamics GP with their Active Directory account via the desktop client, Citrix, Terminal Services and the GP web client. Config AD can provide a true single sign-on experience where GP authenticates via Active Directory behind the scenes and launches directly into the selection of a company. Alternatively, users can be required to reenter their AD account as an additional security measure. Either way, it's still only one username and password for the user to manage.

Additionally, Config AD can shift the assignment of GP security roles to Active Directory, allowing roles to be assigned by IT or a central security administrator. This doesn’t change the tasks assigned to roles, only the assignment of roles to users, making it easy to setup a new network user and give them appropriate GP access in a single step. With Config AD, removing AD users also removes GP users, eliminating orphaned GP log-ins. Finally, Config AD can also automatically log out users after a period of inactivity.

Single sign-on is an important security feature regardless of how it is delivered. Reduced support calls, improved password management and fewer security entry points provide benefits to both firms and their employees regardless of how Dynamics GP is deployed.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Show Buttons
Hide Buttons