Install the BCO akoyaGO Integration Enterprise Application
Updated June 2025: This article has been updated to use the Microsoft Graph PowerShell module. The previous AzureAD module was retired by Microsoft on September 30, 2024. See Microsoft's migration guide for more information.
Prerequisites
Before running the installation script, ensure you have the required PowerShell modules installed. You can use either Windows PowerShell 5.1 (built into Windows) or PowerShell 7.x (recommended for better performance).
Open PowerShell as Administrator and run these commands to install the required modules
Install-Module Microsoft.Graph.Authentication -Scope CurrentUser -Force
Install-Module Microsoft.Graph.Applications -Scope CurrentUser -Force
Note: If prompted to install from an untrusted repository (PSGallery), type Y to proceed.
Part 1: Install the Enterprise Application
1. Start PowerShell with administrator privileges, open Task Manager and select File -> Run new task:
2. Type in "powershell" and check the checkbox highlighted:
3. Run this command in PowerShell:
Note: The script will check for required PowerShell modules and prompt you to sign in to Microsoft Graph. Use credentials for an account with Global Administrator or Application Administrator privileges on the tenant.
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/akoyago/public/main/scripts/implementation/bco-imp-install-spn.ps1'))
A browser window will open for authentication. Sign in with your tenant admin credentials. You may see a permissions consent prompt for the Microsoft Graph PowerShell application—this is expected and required.
The script will look like this when run and completed successfully:
/msdyn_blobfile/$value)
4. When the script is done, it will say "Done."
5. Copy and paste the URL (noted in red) in a browser logged into the tenant to grant consent. The URL will be automatically generated for each tenant.
If done correctly, you will see this consent dialog:
6. When consent is granted correctly, the browser will redirect to the akoyaGO home page.
(Optional) If you want to validate permission consent: Inside the Azure portal, navigate to Microsoft Entra ID → Enterprise Applications. The application will look like this after consenting:
Part 2: Setting Up the BCO akoyaGO Integration Dynamics S2S/Application User
Click See all from the environment page.
2. Click + New app user.
3. Click + Add an app.
4. Search for and select App ID: a86b9632-42bf-4dfe-83c8-bbc95145504b
5. Click Add to close the dialog box.
Select your appropriate Business unit.
Click the Security roles pencil icon:
Then select the System Administrator security role and click Save.
6. When complete, it should look like this:
7. Click Create and wait for the process to finish.
When complete, you should see an Application User that appears like this:
You are finished with setting up the BCO akoyaGO Integration Dynamics S2S/Application user.
Troubleshooting
Module Installation Errors
If you receive errors about missing modules, manually install them:
Install-Module Microsoft.Graph.Authentication -Scope CurrentUser -Force -AllowClobber
Install-Module Microsoft.Graph.Applications -Scope CurrentUser -Force -AllowClobber
Insufficient Privileges Error
Ensure the account you're using has one of the following Microsoft Entra ID roles: Global Administrator, Application Administrator, or Cloud Application Administrator.
Service Principal Already Exists
If the script reports that the Service Principal already exists, this is normal for tenants where the connector was previously installed. The script will display the existing object ID and continue to provide the consent URL.
Authentication Timeout
If the Microsoft Graph authentication times out or fails, run the following command to clear any cached credentials and try again:
Disconnect-MgGraph
App Not Found When Creating Application User
If you cannot find the app when searching by App ID in Power Platform admin center, ensure that the PowerShell script completed successfully, admin consent was granted via the consent URL, and you are searching in the correct tenant.
Keywords: New Client Install SPN Solution Microsoft Graph Enterprise Application Entra ID S2S Application User
