Demiton Logo
Demiton

Connector Guide: Dynamics 365 Finance & Operations

How to securely authorize the Demiton Universal Adapter to read Journals and Vendors from your D365 environment using OAuth 2.0 Client Credentials.

The Authorization Model

Demiton connects to Dynamics 365 Finance & Operations (F&O) using the standard OData v4 protocol. We do not use a "Service Account" with a username and password. Instead, we use an Azure App Registration (Service Principal).

This ensures:

  1. Zero Human Access: No shared passwords.
  2. Auditability: Every action performed by Demiton is logged in D365 as the application user, not a generic admin.
  3. Rotation: Client Secrets can be rotated instantly without breaking the integration logic.

Phase 1: Azure App Registration (Entra ID)

You will create a digital identity for Demiton within your Azure tenant.

Step 1: Create the Application

  1. Log in to the Azure Portal (portal.azure.com).
  2. Navigate to Microsoft Entra ID > App registrations.
  3. Click + New registration.
  4. Name: Demiton Banking Gateway.
  5. Supported account types: Single tenant.
  6. Click Register.

Step 2: Generate the Secret

  1. Go to Certificates & secrets in the left menu.
  2. Click + New client secret.
  3. Description: Demiton Production Key 2025.
  4. Expires: Set to 12 or 24 months (aligned with your security policy).
  5. IMPORTANT: Copy the Value immediately. This is the only time it will be visible.

Step 3: Gather IDs

Go to the Overview blade and copy:

  • Application (client) ID
  • Directory (tenant) ID

Phase 2: D365 F&O Configuration

Now you must authorize that Azure App to talk to your Finance environment.

  1. Log in to Dynamics 365 F&O as a System Administrator.
  2. Navigate to System Administration > Setup > Microsoft Entra ID applications.
  3. Click + New.
  4. Client ID: Paste the Application ID from Phase 1.
  5. Name: Demiton Gateway.
  6. User ID: Select a user with the necessary privileges.
    • Best Practice: Create a specific user (e.g., demiton_integration) with the SystemCustomizer or custom role limiting access only to LedgerJournalTable, VendTable, and BankAccountTable.

Phase 3: Configure the Universal Adapter

  1. Log in to Demiton.
  2. Go to Connectors > Add Connector.
  3. Select Dynamics 365 F&O.
  4. Enter your Environment URL (e.g., https://contoso-uat.sandbox.operations.dynamics.com).
  5. Paste your Tenant ID, Client ID, and Client Secret.
  6. Click Test Connection.

Demiton will attempt a handshake. If successful, it will cache the OData Metadata schema, making your Entities available in the Query Builder.