Set Up Business Connector Proxy User

Some components require the .NET Business Connector to be configured to connect to Microsoft Dynamics AX with a proxy account. The use of a proxy enables the .NET Business Connector to connect on behalf of Microsoft Dynamics AX users when authenticating with an AOS instance. The Business Connector proxy is a Microsoft Windows domain account that is configured from the initialization checklist or in the Administration > Setup > Security > System service accounts form.

A new account for the Business Connector must be created before it has been installed.

The account setup recommendations:

  • Must be a Windows domain account.

  • Must be a dedicated account (used only by Business Connector).

  • Must have a password that does not expire.

  • Must be able to log on as a service.

  • Must not be a Microsoft Dynamics AX user.

NOTE

If a malicious user learns the Business Connector Proxy credentials (name and password), that user could gain unauthorized access to sensitive information and potentially damage the Microsoft Dynamics AX application. For this reason, only Microsoft Dynamics AX administrators should know the proxy credentials.

Set Up and Configure the Business Connector Proxy

Step 1: Make the SC_BPUser created earlier in the Create Domain Accounts step the member of the IIS_IUSRS group:

  • Go to Administrative Tools > Computer Management > System Tools > Local Users and Groups > Users.

  • Open the SC_BPUser Properties window and go to the tab Member Of.

  • Add the IIS_IUSRS group to the list and click OK or Apply to apply the changes.

Step 2: Specify the Business Connector Proxy user in Microsoft Dynamics AX at the following location: Administration > Setup > Security > System service accounts.

NOTE

The Business Connector Proxy user (SC_BPUser) must be granted List Folder Contents and Read permissions on the %windir%\temp folder:

Step 1: Navigate to the %windir%\temp folder, right-click the folder and select Properties.

Step 2: Go to the Security tab and under Group or user names, click Add.

Step 3: In the Select Users, Computers, or Groups dialog box, under Enter the object names to select, enter the Business Connector Proxy account (SC_BPUser) and click OK.

Step 4: In the Permissions list, in the Allow column, make sure that only List Folder Contents and Read are selected and click OK.

 

NOTE

If you use Windows Server 2008 Log on as a batch job, rights should be given to the SC_BPUser. In order to do this:

Step 1: Open the Microsoft Management Console (Click Start > Run and run gpedit.msc).

Step 2: Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

Step 3: Select Log on as a batch job policy.

Step 4: Add the SC_BPUser to the list by clicking the Add User or Group button and selecting this user (you can use the Check names option for quick search for the correct user).

Step 5: Click OK to save the changes. More information about the Log on as a batch job can be found here.

If all steps have been followed and performed, then the Business Connector Proxy is configured.