Authorization Box

Authorization Box is a web-based application in which you can manage and control authorizations. It is linked directly to Dynamics 365 Business Central databases, so any changes are directly effective if desired, both in Authorization Box and in Dynamics 365 Business Central. Before using the Authorization Box, it is required to follow the Installation steps and the setup to configure.

Authorization Box consists of the following modules:

1. Monitoring
2. Authorization Framework
3. User Management
4. Continuous monitoring
5. User templates

The Monitoring module provides insights into Critical Permissions and the implemented Segregation of Duties (SoD) in Dynamics. The analysis helps you to find incorrect permissions in Permission Sets, Organization Roles and User accounts. Furthermore, the module analyzes conflicts in segregation of duties.

According to SOx regulations, top management must be ‘in control’ and provide insight into the effectiveness of the SoD as part of the application controls. SoD Monitoring is an audit tool that helps management to remain ‘in control’.

The Authorization Framework provides functionality to create and manage the Authorization Framework. The foundation for the authorization framework is the Organization Chart, where you create Departments and Organization Roles. On a more detailed level you can create permission sets or create permission set groups which you can then link to Organization Roles. These Organization Roles are assigned to users through Authorization Requests.

Any change in the authorization design is directly (or per start date / end date) synchronized to Business Central or will be synchronized after approval of the request. Creating and modifying the organization structure can be done through the Authorization Box interface and in Excel.

User Management in Authorization Box provides a workflow for Authorization Requests with optional approval. This enables assignment of responsibility for creating new user accounts to the responsible data owner or process owner, instead of application management or the IT-department. Through an Authorization Request users are assigned organization roles, if desired on a company or company group level. In case of employee offboarding or change of function you can revoke the Organization Roles directly or by an end date.