Connection setup
This section covers the setup of the connection between Isabel Connect and your Dynamics environment.
Prerequisites
- Admin access on a Windows Server environment with OpenSSL (only when generating Ibanity certificate).
- Admin account on the Ibanity developer portal
- Key vault access in Microsoft Azure
Setting up the Ibanity environment
Separate applications need to be created for the testing (Bèta) and production environments. The procedure below performs the configuration for testing (Bèta). Production setup is similar.
Browse to the Ibanity developer portal and log in with an administrator account.
Create application
Create a new "Live application" using the create button.
Provide a description which clearly distinguishes test and production applications (e.g. adding Bèta to the name of the test application).
After confirming, a new entry will appear in the application list.
Activate Isabel product
Go to the application details using the "View" button. Request access to the Isabel Connect product and select the correct environment (Bèta for testing - Production for Live). You will have to wait for approval by Ibanity.
Setup allowed redirection URIs
After activation, go to the details of the Isabel Connect product.
Under "Allowed redirection URIs", add the URIs of your environments. For the Bèta application, add the URIs of your sandbox and development environments.
Make sure to add company (DAT) and partition parameters to the URL.
Create the URL with company in upper and lower case.
(e.g. for development environment: https://usnconeboxax1aos.cloud.onebox.dynamics.com/?cmp=DAT&prt=initial)
Generate OAuth2 credentials
Press the "GENERATE NEW SECRET" button below the OAuth2 credentials to generate a new secret. Important: generating a new secret will deactivate the current one, which might temporarily break the connection in Dynamics. Store the generated client_secret in a safe location. After you leave this page, the secret will remain obfuscated in the Ibanity portal.
Generate certificates
Certificate generation is only needed when using Ibanity certificates. Depending on your daily transaction amount, Ibanity will direct you in what type of certificates to use. When using third-party certificates, you will only need to upload them in the same location.
To perform the certificate generation you will need admin privileges on a Windows environment with OpenSSL installed.
Return to the application page in the developer portal and select the credentials tab. Press the "GENERATE" button in the "Active certificates" section. This section is used for the Application certificate. Generate an RSA key pair using the command from the Ibanity dialog. You will be prompted for a password that will be needed in a later step. Next, generate a Certificate Signing Request using the command from the Ibanity dialog. You will be prompted for a password; use the same one as in the previous step. A .csr file is now generated. Upload the .csr file in the Ibanity dialog and press "GENERATE AND DOWNLOAD". A zip file containing the certificate can then be downloaded.
After downloading the certificate, it needs to be converted to a pfx (PKCS#12) certificate file so that it can be used in Azure Key Vault. To do this, extract the downloaded certificate into the folder containing your generated RSA key pair file. Next, open an admin PowerShell window and execute the statement below:
openssl pkcs12 -inkey yourkeyfilename.pem -in yourcertificatefile.pem -export -out ibanity_application.pfx
The final result will be a pfx certificate.
Repeat the previous steps for the Signature Certificate.
Setting up secrets in Azure Key Vault
Next, an Azure Key Vault must be configured to securely store our certificates and application secret. The setup of the Key Vault itself will not be covered in this documentation. For this refer to this documentation.
A guide on how to link the Key Vault to Dynamics can be found here.
Secrets
Three secrets need to be added to the Key Vault for use in the Isabel Connector setup.
- Add an object of type "Secret" to store the client secret that was generated in "Generate OAuth2 credentials" chapter in the Ibanity Environment setup
- Add an object of type "Certificate" to store the generated .pfx file of the application certificate
- Add an object of type "Certificate" to store the generated .pfx file of the signature certificate
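One way to check each .pfx file and then load the three objects listed above into the Key Vault from PowerShell. This is an added example, not part of the connector documentation; it assumes the Az.KeyVault module is installed, and the vault name, the object names and the signature file name are placeholders.

```powershell
# Added example. Vault name, object names and the signature file name are placeholders.
# Requires the Az.KeyVault module and rights to import certificates and set secrets.
$VaultName = '<your-key-vault-name>'
$PfxFiles = [ordered]@{
    'ibanity-application-cert' = '.\ibanity_application.pfx'   # output of the openssl step
    'ibanity-signature-cert'   = '.\ibanity_signature.pfx'     # assumed name, second run
}

function Test-PfxForUpload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    # Throws if the file is missing, the password is wrong or the PFX is malformed.
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        if (-not $cert.HasPrivateKey) {
            throw "$Path has no private key; repeat the openssl export with the key file."
        }
        if ($cert.NotAfter -le (Get-Date)) {
            throw "$Path expired on $($cert.NotAfter)."
        }
        [pscustomobject]@{
            File = $full; Subject = $cert.Subject
            Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter
        }
    }
    finally { $cert.Reset() }   # release the key material loaded for the check
}

Connect-AzAccount | Out-Null
foreach ($name in $PfxFiles.Keys) {
    # Prompt instead of passing passwords as arguments, so they stay out of history.
    $pw = Read-Host -AsSecureString -Prompt "Export password for $($PfxFiles[$name])"
    $info = Test-PfxForUpload -Path $PfxFiles[$name] -Password $pw
    Import-AzKeyVaultCertificate -VaultName $VaultName -Name $name `
        -FilePath $info.File -Password $pw | Out-Null
    $info   # show subject, thumbprint and expiry of what was uploaded
}

$clientSecret = Read-Host -AsSecureString -Prompt 'Ibanity client_secret'
Set-AzKeyVaultSecret -VaultName $VaultName -Name 'ibanity-client-secret' `
    -SecretValue $clientSecret | Out-Null
```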
Setting the connection in Finance and Operations
Key Vault
Go to 'System Administration > Setup > Key Vault parameters'. Create a new key vault reference in company DAT and set up the connection to the Azure Key Vault created in the previous chapter.
Next go to 'System Administration > Setup > delaware Isabel connector > Connections'.
Add a new connection and set the following parameters.
Connection
- User linking URL: reference the correct environment, see this page.
- API URL: https://api.ibanity.com
- Client id: Use client id that was generated in chapter "Generate OAuth2 credentials".
- Scope: AI PI offline_access
Secrets
- Azure key vault company: use the company in which the key vault was added; this should be DAT.
- Client certificate key vault secret: reference the "application certificate" secret.
- Signature certificate id: can be found in the Ibanity developer portal in the credentials tab of your application.
- Signature certificate key vault secret: reference the "signature certificate" secret.
- Client secret key vault secret: reference the "application secret" secret
Set up legal entities
Go to 'Organization Administration > Organizations > Legal Entities'. Go to the delaware Isabel connector tab and reference the connection created in the previous chapter in the connection id field. This must be done in all legal entities where bank accounts will be processed. Also do it in the DAT company for user linking purposes.
Activate the connection.
Go back to Administration > Setup > delaware Isabel connector > Connections and select the connection created in previous step. In the Token tab click the user linking button. This will redirect you to Isabel where you can complete the user linking process.