Package Installation Guide
Kernel Dynamics 365 Integration - Installation & Setup Guide
📋 Prerequisites
Dynamics 365 System Administrator access in your target environment
Your Kernel Tenant ID & API Key
Microsoft 365/Azure AD admin access (for application user creation)
Package Version: Latest v1.0 release
🚀 Quickstart Guide
🔗 Step 1: Install the Kernel Solution
Download the Solution
Access the installation link provided by Kernel:
`dynamicsurlhere`
Import the Solution
Navigate to: Settings → Solutions
Click Import
Select the downloaded solution file:
KernelDynamicsConnectedApp_1_0_0_0_managed.zipClick Next
Configure Installation Options
Install for: All Users (Recommended)
Enable SDK message processing: Yes
Review connections and dependencies
Click Import
Wait for Installation
The import process typically takes 5-10 minutes
You'll receive a notification when complete
Status: "Import Complete"
Verify Installation
Navigate to: Settings → Solutions
Confirm "Kernel Dynamics Connected App" appears with status Installed
Open Apps
Find and open Kernel Integration app
Click the Kernel Setup tab
Important: You will be prompted to grant the Kernel API access to the integration user and security role you create. This allows Kernel to sync your CRM data. Kernel only has access based on the security roles you assign.
👤 Step 2: Create Integration User
The integration user is a dedicated Application User account that Kernel uses to access your Dynamics 365 data securely.
Creating the User:
Open Kernel Setup
In Dynamics 365, navigate to Apps → Kernel Integration
Click the Kernel Setup custom page
You'll see a loading screen with fun messages (this is normal!)
Review Default Settings
The setup wizard will display default user information:
Email: [email protected]
First Name: Kernel
Last Name: Integration
User Type: Application User
Create the Integration User
Click "Create Integration User"
The system will:
Create a unique application user linked to Azure AD
Assign the Kernel Integration Role security role
Send sync notification to Kernel Portal
Save sync status locally
Success Confirmation
You'll see a success message: "✓ Integration user created successfully!"
The UI will display:
User full name
Email address
User status: Active
Sync status: Connected (green indicator)
Permission & Security Role:
The system automatically assigns the Kernel Integration Role to the integration user, which provides:
✅ Read/View All access to standard entities (Account, Contact, Lead, Opportunity)
✅ Read access to custom entities (as needed)
✅ API access through application user context
✅ Access to Kernel-specific custom entities
Alternative: You can also assign your own custom security role with specific permissions.
🔗 Step 3: Authorize Kernel Connection
Before Authorizing
You'll need your Kernel API credentials (provided by Kernel team):
Tenant ID: Your unique organization identifier (e.g.,
tenant_abc123xyz)API Key: Your secure API key for authentication
Authorization Steps
Verify Sync Status
In the Kernel Setup page, you should see:
Status: Connected to Kernel
Last Sync: Timestamp of initial sync
Tenant ID: Your tenant identifier
Integration User: Email and name
Connection Established
Once the integration user is created, the connection is automatically established
The OAuth flow happens in the background using the application user credentials
No additional authorization window required
Verify in Kernel Portal
Log into your Kernel Portal at
https://app.kernel.aiNavigate to Integrations → Dynamics 365
You should see your organization listed with status: Connected
Data sync will begin automatically
🔧 Configuration Options
Using Custom Security Roles
By default, Kernel uses the Kernel Integration Role. For custom requirements:
Access Configuration
In Dynamics 365, navigate to: Settings → Security → Security Roles
Create or modify a security role with desired permissions
Assign to Integration User
In Kernel Setup page, click "Change Integration User"
Select option: "Choose Existing User"
Select your user from the dropdown
The custom security role will be preserved
Minimum Required Permissions
Read: account, contact, lead, opportunity, systemuser
Read: krnl_kernelsyncstatus (Kernel custom entity)
Execute: Custom actions (krnl_*)
API Access: Web API enabled
Alternative: Choose Existing User
If you prefer to use an existing application user:
In Kernel Setup, click "Choose Existing User"
Select from dropdown of active application users
Click "Choose"
System will:
Assign required security roles
Send sync notification to Kernel
Update sync status
🔒 Security & Compliance
OAuth & Authentication
The Kernel Connected App uses:
Azure AD Application Registration for secure authentication
Application User context (no password, service principal-based)
HMAC-SHA256 signatures for API request verification
Organization ID as the secret key for signature generation
API Scopes & Permissions
The integration requires these permissions:
Dynamics 365 Web API Access - Read and manage your data
Offline Access - Perform requests continuously
Organization Context - Access organization-level settings
Data Access & Security
✅ Access is logged and auditable in Audit Summary View
✅ All API calls use encrypted HTTPS (TLS 1.3)
✅ Data transmission is encrypted end-to-end
✅ Integration user follows principle of least privilege
✅ Supports Azure AD conditional access policies
🚨 Troubleshooting
Common Issues and Solutions
❌ "Plugin Execution Failed"
Problem: Plugin throws an error during user creation
Solutions:
Verify you have System Administrator role
Check that Azure AD application is properly registered
Review plugin trace logs:
Navigate to: Settings → System → System Jobs
Filter by: Status = Failed
Review error message and stack trace
Contact Kernel support with System Job ID
❌ "Invalid Signature" Error
Problem: API calls fail with 401 Unauthorized
Solutions:
Verify remote site settings:
Navigate to: Settings → Security → Remote Site Settings
Confirm
https://api.kernel.aiis present and active
Check organization ID in trace logs
Ensure system time is synchronized (NTP)
Contact Kernel support for signature verification
❌ "Sync Status Not Updating"
Problem: UI shows "Not Connected" even after user creation
Solutions:
Refresh the page (Ctrl+F5 or Cmd+Shift+R)
Check custom entity permissions:
Navigate to: Settings → Security → Security Roles
Verify Kernel Integration Role has Read/Write to
krnl_kernelsyncstatus
Review plugin trace logs for errors
Try "Change Integration User" and recreate
❌ "Cannot Create Application User"
Problem: User creation fails with Azure AD error
Solutions:
Verify Azure AD application registration:
Check application exists in Azure Portal
Verify client ID matches plugin configuration
Ensure API permissions are granted with admin consent
Check your role permissions:
Must have System Administrator in Dynamics
Must have Application Administrator in Azure AD
Review Azure AD audit logs for failures
❌ Custom Page Shows Blank Screen
Problem: Kernel Setup page doesn't load
Solutions:
Clear browser cache and cookies
Try different browser (Chrome, Edge recommended)
Check browser console for JavaScript errors (F12)
Verify solution is fully imported and published
Re-publish all customizations:
Settings → Solutions → Publish All Customizations
⚠️ Connection Working But No Data Syncing
Problem: Integration connected but data not appearing in Kernel
Solutions:
Check security role permissions:
Integration user must have Read access to all relevant entities
Verify field-level security permissions
Review sync logs in Kernel Portal
Verify business unit access:
Integration user must have access to correct business unit
Check if data meets sync criteria (e.g., record ownership)
🔄 Managing the Integration
Deactivating the Integration User
To temporarily disconnect:
In Kernel Setup:
Click "Deactivate User"
Confirm action
User status changes to: Inactive
Sync status cleared
Manual Deactivation:
Navigate to: Settings → Security → Users
Find the Kernel Integration user
Click Deactivate
Confirm action
Effect: Kernel will no longer be able to access your Dynamics data. Sync will stop.
Reactivating the Connection
To reconnect after deactivation:
In Kernel Setup:
You'll see the deactivated user
Click "Reactivate User"
System sends lifecycle event to Kernel
Sync status restored
Manual Reactivation:
Navigate to: Settings → Security → Users
Find the Kernel Integration user
Click Activate
Return to Kernel Setup and verify sync status
Changing the Integration User
If you need to switch to a different user:
In Kernel Setup:
Click "Change Integration User"
Choose an option:
Create New User - Creates fresh application user
Choose Existing User - Assigns existing user
What Happens:
Previous user is NOT deactivated (just unlinked)
Previous sync status is cleared
New user receives security roles
New sync notification sent to Kernel
Tenant binding updated
Updating API Credentials
If your Kernel API credentials change:
Obtain new credentials from Kernel support
In Dynamics Kernel Setup:
Click "Disconnect" (if connected)
The integration user remains but sync stops
Contact Kernel support to update tenant binding
Click "Reactivate User" to re-establish connection
Revoking Access Completely
To completely remove Kernel integration:
Deactivate Integration User (see above)
Delete Custom Entities (Optional):
Navigate to: Settings → Customizations
Delete
krnl_kernelsyncstatusentity (removes sync history)
Uninstall Solution:
Navigate to: Settings → Solutions
Select Kernel Dynamics Connected App
Click Delete (this removes all components)
Notify Kernel Support to remove organization from portal
📊 Monitoring & Maintenance
View Sync Activity
In Dynamics 365:
Navigate to: Settings → System → System Jobs
Filter by: Regarding = Kernel
Review execution logs and timestamps
In Kernel App:
Log into
https://app.kernel.aiNavigate to: Settings → CRM Integrations → Dynamics 365
View sync history and status
Performance Monitoring
Plugin execution time: < 2 minutes (typical < 30 seconds)
API response time: < 5 seconds
Sync frequency: Real-time (on record create/update)
Audit Trail
All integration activity is logged:
Settings → Auditing → Audit Summary View
Filter by: User = Kernel Integration
Review: Create, Update, Read operations
📞 Support
Getting Help
Email: [email protected]
Include in Your Support Request:
Organization Information:
Organization ID (found in Settings → Customizations → Developer Resources)
Environment URL (e.g.,
https://yourorg.crm.dynamics.com)Environment type (Production / Sandbox)
Integration User Details:
Username
Email address
User GUID (from user settings)
Error Information:
Complete error messages
System Job IDs (for plugin errors)
Screenshots of error
Trace logs (from System Jobs)
Sync Information:
Tenant ID
Last successful sync timestamp
Sync job IDs (from Kernel Portal)
📦 Package Components Reference
What Gets Installed
KernelUserController
Plugin
Manages integration user lifecycle
KernelPermissionReporter
Plugin
Reports security role assignments
Kernel Setup
Custom Page
User interface for configuration
krnl_kernelsyncstatus
Custom Entity
Stores synchronization state
krnl_kernelsetting
Custom Entity
Stores configuration settings
Kernel Integration Role
Security Role
Provides API and data access
Custom Actions
Workflows
API endpoints for user management
Remote Site Settings
Configuration
Enables API callouts to Kernel
Solution Details
Publisher: Kernel
Prefix: krnl
Type: Managed (Production) / Unmanaged (Sandbox)
Dependencies: None
🔐 Privacy & Data Handling
What Data is Synced?
By default, Kernel syncs:
Standard Entities: Account, Contact, Lead, Opportunity, User
Fields: All fields accessible by integration user's security role
Metadata: Entity schemas, relationships, field definitions
What Data is NOT Synced?
Passwords or authentication credentials
System audit logs (unless explicitly configured)
Attachment file contents (only metadata)
Data outside integration user's security scope
Last updated