The proxy is a Microsoft Windows domain account that enables Business Connector to “act on behalf” of Microsoft Dynamics AX users when authenticating with Application Object Server (AOS). You must set up and configure the proxy as described in this topic. If you do not set up and configure the proxy as described here, remote users cannot connect to Microsoft Dynamics AX using external Web application if the application depends on user impersonation in Business Connector.
If a malicious user learns the Business Connector proxy credentials (name and password),
that user could gain unauthorized access to sensitive information. For this reason,
only Microsoft Dynamics AX administrators should know the proxy credentials.
To set up and configure the Business Connector proxy, you must:
- Create the proxy account in Active Directory directory service.
- Create the proxy account in the Microsoft Dynamics AX database.
You must create a proxy account in Active Directory on your domain controller before Business Connector can "act on behalf" of remote users. If the proxy account does not exist in Active Directory, remote users cannot authenticate with Microsoft Dynamics AX.
To create the proxy account in Active Directory
- Create a unique user in Active Directory in the form domain\username, for example, redmond\bcproxy. This user must not have the same name as an existing Microsoft Dynamics AX user. For the procedure to add a new user, see the Active Directory documentation.
- Assign a password to the user.
- Select the Password does not expire option.
- Select the No interactive logon rights option.
- Close Active Directory.
After you created the proxy account in Active Directory, you must add the account to the Microsoft Dynamics AX database. By storing the proxy account in the database, multiple AOS instances can access the proxy and thereby authenticate multiple users.
To set the proxy account in the Microsoft Dynamics-AX database
- From a Microsoft Dynamics AX Client, click > > > .
- In the field, enter the name of the proxy user previously entered in Active Directory, for example, bcproxy.
- In the field, enter the domain.
- Click .