Intro
For a more in-depth explanation, please take a look at this forum post:
In this forum post we’ll be going over a basic overview of the changes that you need to be aware of if you’re using Docentric SharePoint Extended Security with D365FO versions 10.0.42+.
To continue using the Docentric SharePoint Extended security features on D365FO versions 10.0.42+, you will need to upgrade Docentric to version 3.4.9.1, to avoid errors like:
- Unable to obtain SharePoint access token etc.
- Failed to get document library etc.
As written in the Docentric release notes for Docentric version 3.4.9.1:
- (3.4.9.1) SharePoint authentication: Fixed an issue that occurred when using the Integrated SharePoint authorization type with the Upgrade SharePoint user authentication feature turned on and the OnBehalfOf authentication flow in D365FO v10.0.40 or later.
The OnBehalfOf flow is used when D365FO runs code outside the UI context, such as in asynchronous operations (e.g., SysOperations Framework calling SysOperationSandbox::callStaticMethod()).
Starting with D365FO versions 10.0.42, the standard Upgrade SharePoint user authentication feature has become mandatory and can no longer be turned off.
This means that user impersonation for SharePoint (calling SharePoint as a user that isn’t the currently logged-in user) is no longer supported by neither the standard nor Docentric on D365FO versions 10.0.42 and above, as explained in Microsoft documentation:
The way the upgraded SharePoint user authentication works also means that you will no longer be able to interactively execute operations that need access to SharePoint (neither standard nor Docentric) on Tier 1 (DEV) environments:
If you were using the Docentric SharePoint Extended Security feature before, please refer to the below sections for further information.
Integrated SharePoint Authorization
If you were using integrated SharePoint authorization for Docentric, you can continue using this type of authorization, by clearing the Integration Users fields located in Docentric AX parameters:
Additionally, you will have to clear any fine-grained security settings that you may have present for the integrated authorization type:
The following is a list of Docentric operations that are affected by the above SharePoint extended security settings:
- Downloading/uploading Docentric templates.
- Browsing SharePoint sites from D365FO (for example, when configuring the Docentric File Print Destination).
- Printing reports to SharePoint by using the Docentric File Print Destination.
- Printing to any Docentric print destination, if the selected Docentric template is stored on SharePoint.
For interactive sessions, the user (the one that is logged into D365FO) who is doing these operations needs to have the appropriate SharePoint authorization.
For operations that are executed non-interactively (i.e. executed in batch), they will be executed by the D365F&O app, which means that you will have to authorize the D365F&O app to have access to SharePoint by following the relevant Microsoft documenation.
Online and On-Premises SharePoint Authorization
If you were using Online or On-Premises SharePoint authorization for Docentric, you should be able to continue as before without needing to change anything or perform any special steps.
Please note, however, that for Online SharePoint authorization, the user that you would need to create to use such authorization must not use Multi-factor authentication.
In case this changes, we will update this forum post to reflect the new information.
Additional Reading
Configure SharePoint storage (Microsoft documentation)
SharePoint Extended Security (Docentric how-to manual)