Looking for PowerObjects? Don’t worry, you’re in the right place! We’ve been part of HCL for several years, and we’ve now taken the final step in our acquisition journey: moving our website to the HCL domain. Nothing else is changing – we are still fanatically focused on Microsoft Business Applications!

PowerObjects Blog 

for Microsoft Business Applications


Top 10 Best Practices for a Dynamics CRM Service Account

Post Author: Joe D365 |

Integrating with Microsoft Dynamics CRM 2011 is very straightforward. This means we can easily create CRM portals to expose data to clients or reps, create data integrations with other systems, and create other web based systems that pull and push data into Microsoft CRM.

Perhaps you're thinking of using a Dynamics CRM Service account. Maybe you prefer to use a single service account with all integrations, or you want to save a few dollars and use a named administrator account instead of a service account.

So what is a service account? A service account is an account used programmatically and strictly for data integration.

Below are 10 best practices for Dynamics CRM service accounts.

  1. When creating the account in active directory, limit its rights. Never make the account a domain administrator.
  2. Assign the service account a unique CRM role with ONLY the rights it needs.

    For example: if creating a service account for portal that only reads accounts from CRM, assign a unique role for this a service account with ONLY view access and nothing else.
    Dynamics CRM Service Account

  3. Make sure the password of the service account never expires.
    data:text/mce-internal,content,imgsrchttp//powerobjects.com/blog/wp-content/uploads/sites/4/2012/10/103012_2109_Top10bestpr2.pngalt/
  4. Make sure the service account name is easy and unique to identify for what custom work it is being used for. For example, if this is a service account for a distributor portal, name it 'service_account_read_only_distributor_portal'.
  5. Make sure the service account is not owned by any person in the company so that it will never be expired or will be deactivated. Most companies should have a process for handling service accounts.
  6. Make sure that a service account being used for one integration is never used for any other integration. (Each integration should have a its own unique service account.)
  7. Don't forget to 'approve' the service account's email address in CRM. If this is not done, emails sent from the service account will not be processed.
  8. Make sure the password service account is secured. We recommend a random 30 character password. This makes it very hard for anyone to glance over and memorize the password.
  9. In CRM, limit business rights. For example, if the service account will only read accounts, then remove all other permissions such as export to Excel, manage XYZ, read other entities, etc.
  10. In active directory, lock the service account so it can ONLY login to the server or servers running the application.
    Following these 10 best practices will make your integration a lot more secure.

That's it! Following these 10 best practices will make your integration a lot more secure.

If you found this useful, you may also be interested in our post on how to impersonate in Microsoft Dynamics CRM.

Happy CRM'ing!

Joe CRM
By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

2 comments on “Top 10 Best Practices for a Dynamics CRM Service Account”

  1. Joe,
    For Dynamics CRM Online, do the service accounts have to be licensed to send mail?

    1. Hi - Great question. From what we have read, a service account, set to non-interactive mode, with proper security role, should be able to send email ok. However, in our testing this did not work. We have added this topic to our list to investigate a bit further.

PowerObjects Recommends