Integrating with Microsoft Dynamics CRM 2011 is very straightforward. This means we can easily create CRM portals to expose data to clients or reps, create data integrations with other systems, and create other web-based systems that pull and push data into Microsoft CRM.
Perhaps you’re thinking of using a Dynamics CRM Service account. Maybe you prefer to use a single service account with all integrations, or you want to save a few dollars and use a named administrator account instead of a service account.
So what is a service account? A service account is an account used programmatically and strictly for data integration.
Below are 10 best practices for Dynamics CRM service accounts.
- When creating the account in Active Directory, limit its rights. Never make the account a domain administrator.
- Assign the service account a unique CRM role with ONLY the rights it needs.
For example: if creating a service account for a portal that only reads accounts from CRM, assign this service account a unique role with ONLY view access and nothing else.
- Make sure the password of the service account never expires.
- Make sure the service account name is unique and makes it easy to identify the custom work it is used for. For example, if this is a service account for a distributor portal, name it ‘service_account_read_only_distributor_portal’.
- Make sure the service account is not owned by any person in the company so that it will never expire or be deactivated. Most companies should have a process for handling service accounts.
- Make sure that a service account being used for one integration is never used for any other integration. (Each integration should have its own unique service account.)
- Don’t forget to ‘approve’ the service account’s email address in CRM. If this is not done, emails sent from the service account will not be processed.
- Make sure the service account’s password is secured. We recommend a random 30-character password. This makes it very hard for anyone to glance over and memorize the password.
- In CRM, limit business rights. For example, if the service account will only read accounts, then remove all other permissions such as export to Excel, manage XYZ, read other entities, etc.
- In Active Directory, lock the service account so it can ONLY log in to the server or servers running the application.
That’s it! Following these 10 best practices will make your integration a lot more secure.
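The Active Directory side of the list above (limited rights, non-expiring random 30-character password, descriptive name, logon restricted to the application servers) can be scripted as follows. This is an added example, not code from the original post; it assumes the ActiveDirectory PowerShell module, and the short logon name, UPN suffix and server names are placeholders.

```powershell
# Added example: placeholder names throughout; adjust to your domain.
Import-Module ActiveDirectory

$name    = 'service_account_read_only_distributor_portal'  # descriptive name from the post
$sam     = 'svc_ro_distportal'        # assumed short form: sAMAccountName is limited to 20 characters
$upn     = "$name@example.com"        # placeholder UPN suffix
$servers = 'PORTALWEB01,PORTALWEB02'  # placeholder: servers running the integration

function New-RandomPassword([int]$Length = 30) {
    # 64-symbol alphabet, so masking a random byte to 6 bits introduces no modulo bias
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ -band 0x3F] })
            # retry until upper, lower and digit are all present (default AD complexity rule)
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    return $pw
}

$plain = New-RandomPassword
# No group memberships are added, so the account stays an ordinary domain user
New-ADUser -Name $name -SamAccountName $sam -UserPrincipalName $upn `
    -Description 'Read-only CRM integration: distributor portal' `
    -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
    -PasswordNeverExpires $true `
    -LogonWorkstations $servers `
    -Enabled $true

# Store $plain in the team's password vault at this point, then drop it from the session
Remove-Variable plain

# Read back what was actually set; Groups should list only the default domain users group
$u = Get-ADUser $sam -Properties PasswordNeverExpires, LogonWorkstations
[pscustomobject]@{
    Account              = $u.SamAccountName
    PasswordNeverExpires = $u.PasswordNeverExpires
    LogonWorkstations    = $u.LogonWorkstations
    Groups               = (Get-ADPrincipalGroupMembership $sam).Name -join ', '
}
```

The CRM-side items (unique security role, approved email address) are configured in CRM itself and are not covered by this script.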
If you found this useful, you may also be interested in our post on how to impersonate in Microsoft Dynamics CRM.