How to utilize Dynamics 365/CRM Online’s multi-factor authentication in Resco Mobile CRM
written by Robert Feldmar on August 17, 2017
These days, we constantly hear about usernames and accounts of various services getting hacked. However, multi-factor authentication (MFA) is a quick and effective way to protect sensitive data by requiring an additional piece of information (besides username and password) to verify the user’s identity. This information may be delivered through different channels, such as a text message, email, phone call, mobile app, or else – less likely to get compromised at the same time as a traditional username and password.
That’s why we recently introduced the OAuth2 authentication method in Resco Mobile CRM. It enables the app to access the data while supporting the MFA available in Microsoft Dynamics 365/CRM Online and Salesforce. Adding yet another security layer, further reinforcing your system.
Getting started with multifactor authentication in Resco Mobile CRM
Salesforce users can utilize oAuth2 authentication directly.
Microsoft Dynamics 365/CRM Online users – Before you can use the OAuth2 authentication method to connect Resco Mobile CRM with Dynamics 365/CRM Online, the app must first be added to the Microsoft Azure Active Directory. Azure Active Directory is used to verify that the application is permitted to access the business data stored in the Dynamics 365/CRM Online tenant.
To grant a global consent for all Resco Mobile CRM users to access the data, use the following link: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&response_mode=form_post&client_id=a116bf70-75fe-41c2-9f9f-7f3d0faff4bb&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2foauth2%2fnativeclient&prompt=admin_consent
However, you need to be a Global Administrator of your tenant to issue a global consent. It’s not enough to have only a System Administrator role in Dynamics 365/CRM Online.
In the Resco Mobile CRM app, you need to open the Sync dialog and set the User Mode to OAuth2. Fill in the URL of your organization and create a password that will encrypt the offline database and will be used when the app runs in offline mode (no Internet connection) and MFA is unavailable. It can also be the same as the user’s CRM password. Then hit the Sync button:
Now enter the username and password you use to sign in to your Dynamics 365/CRM Online:
If your username is used with more than one Microsoft account you will need to choose between your Personal and Work accounts:
Then enter the password for the chosen account and tap Sign in once again:
You may also need to grant the required permissions for Resco Mobile CRM to access your Dynamics 365/CRM Online data (if you have the rights to do so and the Global Administrator of your tenant has not granted a global consent yet):
If the multifactor authentication has been configured on Dynamics 365/CRM Online, the Resco Mobile CRM app will then display an “Additional verification” dialog. There, the user needs to enter the security code he/she received via another channel – text message, e-mail, phone call, etc. Then, the Mobile CRM application will synchronize and you can start working with your CRM data on the go wherever you are, whenever you need.