D365 F&O Organization provisioning

Regular Contributor
Regular Contributor

For the D365 F&O connector the connector guide does not have any details regarding additional configuration that seems to be required for the ootb "Adding an organization for a Security role" feature.

The AddAccessJSON config for the "Organizations" (LegalEntity) entitlements contains attributes in the body payload that is not referenced/mentioned in the guide or in the ImportAccountEntJSON config, namely:



"httpParams": "{
  \"OrganizationType\": \"${entitlementValue.customproperty6}\",
  \"OrganizationId\": \"${entitlementValue.customproperty7}\",
  \"OperatingUnitType\": \"${entitlementValue.customproperty3}\"



The requestAccessAttributes.SecurityRoleIdentifier attribute seems to imply that a Dynamic Attribute must be configured somewhere and the entitlementValue customproperties are not present in the ImportAccountEntJSON config from where the LegalEntities (Organizations) are loaded during an Access Recon Job.

My intent is to create Application roles that has two entitlements, one D365 F&O Role and one D365 F&O Organization. What changes/configs would need to be in place for the "Adding an organization for a Security role"  feature provisioning (Add/Remove) to function via an application role?


Saviynt Employee
Saviynt Employee

Hello!  Thank you for your question!   We are investigating an answer. Someone will get back to you soon

Thanks, Miguel

Regular Contributor
Regular Contributor


Just following up to see whether an answer was found.


The sad thing is that the guides are no help. We are running v5.5SP5. As as per the Dynamics 365 connector guide for v5.5, the guide for v2022 contains several errors. I've logged numerous support tickets regarding the documentation errors, template errors etc. In fact, in our v5.5 instances even the REST_Dynamics365 (REST) connector template does not exist and you have to assemble a REST connector config yourself.

As an example, in the linked v2022 document, in the AddAccessJSON, the httpParams for "Organization" is a copy/paste from the "Roles" httpParams. The attribute names in the Organization httpParams is not the correct attributes for adding an Organization to a user account, nor is the url endpoint.

Furthermore, if you create a new connector from the template, and you compare the JSON configs of the connector and the connector guide(s), they don't match.

For example, in a v2021 test instance when creating a new D365 REST connector from the template, AddAccessJSON httpParams for Organization is :

 "url": "@BASE_URL@/Data/SecurityUserRoleOrganizations",
      "httpMethod": "POST",
      "httpParams": "{\"UserId\":\"${account.accountID}\",\"SecurityRoleIdentifier\":\"${requestAccessAttributes.SecurityRoleIdentifier}\",\"OrganizationType\": \"${entitlementValue.customproperty6}\",\"OrganizationId\": \"${entitlementValue.customproperty7}\",\"OperatingUnitType\": \"${entitlementValue.customproperty3}\"}",

The url and httpParams configs are completely different from the guides. And the entitlementValue's listed in the httpParams (custompropertyX) also does not match up with the ImportAccountEntJSON configs. Default Paging configuration in the ImportAccountEntJSON is also completely broken.

Hence you cannot rely on the guides nor templates to get a working ootb connector config.


This must be template of 2022.

@uthra_rahul  can help in documentation issue

Saviynt Employee
Saviynt Employee


@Paul_Meyer @rushikeshvartak Thanks for sharing your feedback. We'll review this with our Product team and revert with updated documentation.

@JayashreeL FYA