This topic describes various aspects of Enterprise Portal security, such as Enterprise Portal security components, a process overview for securing Enterprise Portal, and best practices.

Enterprise Portal security components

Enterprise Portal security uses a combination of the following:

  • Microsoft Active Directory® directory services

  • Windows SharePoint Services or Office SharePoint Server users and groups

  • Microsoft Dynamics AX access control

Figure 1 illustrates how the combination of these services and features determines user access and the content shown on Enterprise Portal.

Figure 1: Enterprise Portal security access in an intranet deployment

  1. A user attempts to log on to the network. The user's credentials must be listed in Active Directory on the domain controller.

    • If the user is not listed in Active Directory, the user cannot access any resources on the network.

    • If the user is listed in Active Directory, the user can attempt to access the Enterprise Portal site using a Web browser.

  2. The IIS Web server receives the request for the Enterprise Portal page. The Web server verifies whether the user is listed in Microsoft Dynamics AX and in Windows SharePoint Services or Office SharePoint Server to determine if the user can access the Enterprise Portal site.

    • If a user is not listed in both, that user is denied access to the site.

    • If the user is listed in both, that user can access the site, and the Web server sends a request to the AOS server to determine which data and content should be displayed (if any).

  3. The AOS server receives the request for Microsoft Dynamics AX data.

    • If the user is not listed in any Microsoft Dynamics AX groups, the user sees an empty Enterprise Portal page in their Web browser.

    • If the user is listed in one or more groups, the Enterprise Portal page displays content and data defined by the user group permissions.

The Enterprise Portal security components in an extranet deployment can include one or more firewall devices and multiple domain controllers, but the process of determining page access and the content shown on pages is the same.

Process for configuring Enterprise Portal security

By default, only the administrator who installed Enterprise Portal can access the site. Configuring Enterprise Portal security is therefore a process of giving users access to the site and assigning them to Microsoft Dynamics AX groups so that they can view content on the site.

  1. Install Enterprise Portal. For more information about installing Enterprise Portal, see "Install Enterprise Portal and Role Centers" in the Microsoft Dynamics AX Installation guide.

  2. Add users to Active Directory. If your organization has a core Microsoft Dynamics AX installation running, users might already be listed in Active Directory. If a user is listed in the form and the Enabled option is selected, the user already exists in Active Directory.

  3. Enable the default Enterprise Portal user groups (a subset of the Microsoft Dynamics AX user groups) by completing the . For more information, see Configure Enterprise Portal using the Configuration Wizard.

  4. Add users to groups according to each user's role in the company. For information about Enterprise Portal roles and corresponding user groups, see About Enterprise Portal roles and user groups.

  5. Set up and configure a perimeter network (for extranet deployments). For more information, see Configuring a perimeter network for Enterprise Portal.

  6. Give users access to the site. For more information, see Giving users access to Enterprise Portal sites.

  7. Specify user relations (required for the Shop Floor Control and Human Resources module sites). For more information, see Specify user relations.

Enterprise Portal security best practices

The following best practices can help you stay diligent and proactive in maintaining a more secure Enterprise Portal environment.

  • Configure your servers to automatically download and install updates from Microsoft Update. If your organization prefers to not install updates automatically, schedule a regular time to review and install updates.

  • Verify with management each user's role and Microsoft Dynamics AX group assignments. If you add a user to the wrong group, that user could have access to data and content that is not intended for them. If necessary, review the About Enterprise Portal roles and user groups topic with management to create an accurate list of each user's role and corresponding group assignments.

  • If a user leaves your organization or company, remove that user from Active Directory, the SharePoint site, and the list of users in Microsoft Dynamics AX.
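
The three access checks described under Figure 1 and the offboarding practice above can be audited together. The following is an added example, not Microsoft's code: it assumes you have exported the Active Directory, SharePoint site, and Microsoft Dynamics AX user lists yourself, and every function, account, and group name in it is constructed for illustration.

```python
from enum import Enum

class Access(Enum):
    NO_NETWORK = "not listed in Active Directory: no network resources"
    SITE_DENIED = "not listed in both Dynamics AX and SharePoint: site denied"
    EMPTY_PAGE = "site access, but in no Dynamics AX group: empty page"
    CONTENT = "site access, content defined by user group permissions"

def effective_access(user, ad, sharepoint, ax_groups):
    """Apply the three checks in order. Expects lower-cased lists;
    ax_groups maps each Dynamics AX user to the set of groups they are in."""
    user = user.lower()  # Windows account names are case-insensitive
    if user not in ad:
        return Access.NO_NETWORK
    if user not in sharepoint or user not in ax_groups:
        return Access.SITE_DENIED
    return Access.CONTENT if ax_groups[user] else Access.EMPTY_PAGE

def audit(ad, sharepoint, ax_groups):
    """Return {user: finding} for accounts that are out of step across the lists."""
    ad = {u.lower() for u in ad}
    sharepoint = {u.lower() for u in sharepoint}
    ax_groups = {u.lower(): set(g) for u, g in ax_groups.items()}
    findings = {}
    for user in sorted(ad | sharepoint | set(ax_groups)):
        listed = [n for n, hit in (("SharePoint", user in sharepoint),
                                   ("Dynamics AX", user in ax_groups)) if hit]
        result = effective_access(user, ad, sharepoint, ax_groups)
        if result is Access.NO_NETWORK and listed:
            # Offboarding was not completed in every system.
            findings[user] = "absent from AD, still listed in " + " and ".join(listed)
        elif result is Access.SITE_DENIED and listed:
            findings[user] = "listed only in " + listed[0]
        elif result is Access.EMPTY_PAGE:
            findings[user] = "in no Dynamics AX group"
    return findings

# Constructed sample exports (account and group names are made up).
AD_USERS = {"CONTOSO\\Alice", "CONTOSO\\bob", "CONTOSO\\carol"}
SHAREPOINT_USERS = {"contoso\\alice", "contoso\\bob", "contoso\\dave"}
AX_GROUPS = {"contoso\\alice": {"group-a"}, "contoso\\bob": set(),
             "contoso\\carol": {"group-b"}, "contoso\\dave": {"group-a"}}

if __name__ == "__main__":
    for user, finding in audit(AD_USERS, SHAREPOINT_USERS, AX_GROUPS).items():
        print(f"{user}: {finding}")
```

Accounts that appear only in Active Directory are not reported, because a network user who was never given portal access is an expected state.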