Share via


Checklist: Configure Enterprise Portal security

Important

This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

In Enterprise Portal for Microsoft Dynamics AX, security is enforced by using a combination of features and services. This topic includes checklists that can help you configure security in Enterprise Portal.

Checklists for configuring Enterprise Portal security

By default, only the administrator who installed Enterprise Portal can access the site. Therefore, Enterprise Portal is effectively locked after it is installed. The configuration of security in Enterprise Portal involves verifying roles, enabling security features, and granting users access to the site. Information in the following tables can help you configure Enterprise Portal security.

Table 1: Security tasks for the server and operating system

Task

More information

Verify security settings for Internet Information Services (IIS) and SharePoint.

See the product documentation on Microsoft TechNet and MSDN.

Encrypt Enterprise Portal client-server communications by using Secure Sockets Layer (SSL).

How to Setup SSL on IIS 7

Table 2: Security tasks for extranet deployments

Task

More information

Enhance Enterprise Portal security in extranet deployments by using two domain controllers and two firewalls. This deployment model is called a traditional perimeter network.

Tip

If you prefer not to deploy Enterprise Portal with multiple domain controllers, you can authenticate Enterprise Portal users by using claims-mode authentication. For more information, see the next item in this checklist.

Install Enterprise Portal in a traditional perimeter network

Deploy an Enterprise Portal site that uses the claims mode authentication that is provided by SharePoint.

In the context of Microsoft Dynamics AX, this claims mode authentication is called Flexible authentication. Flexible authentication enables businesses and organizations to authenticate Enterprise Portal users without having to store user accounts in Active Directory Domain Services.

Deploy an Enterprise Portal site that uses forms-based authentication

Table 3: Security tasks to enable user access

Task

More information

Verify that the Enterprise Portal site is registered in Microsoft Dynamics AX.

Click System administration > Setup > Enterprise Portal > Web sites.

Verify that Microsoft Dynamics AX role-based security is configured. At a minimum, users and groups must be members of the System user role.

Set up user security in Microsoft Dynamics AX

Set up user security in Microsoft Dynamics AX

Grant users and groups permission to view the site in SharePoint.

Enable users to access Enterprise Portal

Specify user relations. User relations trim data based on a user's designated role and account. User relations are required for extranet deployments and for an employee self-service portal.

Employees who only access an employee self-service portal must be assigned a Worker relation in the User relations form.

Configure user relations

Grant users and groups access to Microsoft SQL Server Reporting Services (SSRS) reports. Users and groups must have this access to view SSRS reports in Enterprise Portal and Role Centers.

Grant users access to reports

Grant users and groups access to Microsoft SQL Server Analysis Services (SSAS) cubes. Users and groups must have this access to view SSAS reports in Enterprise Portal and Role Centers.

Grant users access to cubes

Configure Enterprise Portal for data partitions.

Configure Enterprise Portal to access data in a partition