Future-Proof Your Access: Switch to User-Based Authentication Before the Deadline

Before diving into the details of the upcoming authentication changes for the Warehouse Management Mobile App, we highly recommend watching this brief video for a clear visual overview of what to expect and how to seamlessly transition.

Overview:

We want to ensure you know of an upcoming change to how authentication works for the Warehouse Management Mobile App (WMMA) for base D365 Finance & Supply Chain (F&SC).

• Service-Based authentication was deprecated as of F&SC version 0.37 (WMMA version 2.2.23), support and use will end July 15, 2024.
• User-based authentication will take its place and is available now.

What does “deprecated” mean?

• The feature isn’t in active development and will be removed on July 15, 2024. You’ll still be able to utilize Service-based authentication, but you need to start planning for this to be removed on July 15, 2024, and migrate to User-based authentication.

What does this mean for me?

• You should configure the new User-based authentication (Device code or username and password method), which replaces Service-based authentication (client secret or certificate method) by July 15, 2024, at the latest.

What are the primary advantages of User-based authentication?

• User-based authentication is more straightforward to configure and use, especially in remote environments where users are not physically near device administrators. 
• Mass Deployment (and Single Sign-On/SSO) supported. LINK
• If one username per warehouse employee, the “Default user” flag on the warehouse worker eliminates the need for additional worker login(s).

Licensing Impacts:

• No licensing changes. 
  • Use a single Microsoft Entra ID for all devices and rely on device licensing.
  • Warehouse employees will have a D365 User License (Microsoft Entra ID).

How many Microsoft Entra ID accounts do I need?

There are three general Entra ID policies you can use, which have varying levels of control: 

1. One Entra ID user account per physical device
   1. Enterprise app has multiple users assigned in Azure that are device specific (Device1, Device2, Device3)
   2. The device is authenticated with device code flow or User-based authentication.
   3. Warehouse workers sign in to the warehouse app with a User ID / Password from a mobile device user account.
   4. Pros/Cons:
      1. Pro: You can log out of an individual device at any time.  
      2. Con: Any device that has not been used for 90 days is auto-logged out. 
2. One Entra ID user account for N physical devices
   1. Enterprise app has one or many users assigned in Azure that are not device-specific (AllWhseApp, Whse1Scanners, Whse2Scanners, Whse3Scanners) 
   2. The device is authenticated with device code flow or User-based authentication.
   3. Warehouse workers sign in to the warehouse app with a User ID / Password from a mobile device user account.
   4. Pros/Cons:
      1. Pro: You can have one account for all devices with / a minimal chance of forced re-authentication every 90 days.  
      2. Con: If a device is lost/stolen, you can’t log it out individually.
3. One Entra ID user account for each human worker
   1. Enterprise app has multiple named users assigned in Azure that are actual employees (BobSmith@contoso.com, SueLee@contoso.com)
   2. Device AND warehouse workers are authenticated using the human worker with device code flow or User-based authentication.
   3. Pros/Cons:
      1. Pro: Each user has their own single login for the device and warehouse app.  
      2. Con: Very detailed setup/pairing of all accounts

How do I ensure my warehouse app is configured to utilize user-based authentication?

• Option 1 (Recommended): Add new App Registration
  • Add or configure mobile devices as feasible. 
  • See setup guide: Azure Portal Setup – Warehouse Mobile App Authentication
• Option 2 (Not Recommended): Re-configure existing Serviced-based authentication to User-based authentication. 
  • All mobile devices are logged out immediately, preventing the ability for a controlled rollout.  

Conclusion:

The shift to User-based authentication in Dynamics 365 Finance & Supply Chain marks a significant step towards enhancing security and operational efficiency within your Warehouse Management Mobile App. This transition not only streamlines access in remote environments but also supports mass deployment and Single Sign-On capabilities, ensuring that your warehouse operations are more seamless and integrated than ever before. As we approach the July 15, 2024, deadline, it’s crucial to begin planning your migration strategy now to avoid any disruptions. For a more detailed understanding and a visual guide on how to make this essential transition, we encourage you to watch this informative video. If you have any questions or need further assistance, our team at RSM is ready to support you. Don’t hesitate to reach out to us through our contact page. Embrace this change with confidence, knowing that it brings a future of more secure, efficient, and user-friendly warehouse management operations.

Kevin Rosenquist

Kevin Rosenquist is a results-driven and highly adaptable individual with a proven track record of effective leadership and continuous improvement. Kevin has the proven ability to identify risks, implement innovative solutions, and align others to achieve results and objectives.