Setting up Microsoft Entra Authentication
Microsoft Entra is the only authentication method available for establishing web service connections with MS Dynamics 365 Business Central cloud companies. Setting up such a connection requires relevant Microsoft Entra ID and Business Central permissions. It is the IC partner company that needs to be authenticated and authorized to have access to resources exposed by the IC partner company (the IICWebService web service). The following instruction guides through the configuration process.
Microsoft Entra ID used to be called Azure Active Directory (AAD) Learn more
Creating an Application Registration in Microsoft Entra ID
To create an application registration:
Open the Azure Portal and go to the Microsoft Entra ID resource associated with your Azure tenant.
Go to the left-hand side panel and find the App Registrations tab in the Manage section and select the New Registration action.
Fill in the following fields:
- App Name - Specifies a custom name for the app registration.
- Supported Account Types - Specifies the account type and the suggested value is Single Tenant.
- Platform - Specifies the platform to be used. Select the Web option.
- Redirect URL - It can be left blank as it is not used in the Microsoft Entra client credential authentication flow.
On the Certificates and Secrets tab, select the New Client Secret action, copy the value (note: it is not the Secret ID guid) and store it in a safe place as you will not be able to see it again.
On the API Permissions tab, select the Add a Permission action.
Select Dynamics 365 Business Central from Microsoft APIs and Application Permissions as a required permissions type.
Application Permissions do not require a signed-in user (as opposed to Delegated Permissions).
Choose API.ReadWrite.All and Automation.ReadWrite.All and confirm your choice by choosing the Add Permissions button.
Select the Grant Admin Consent action.
Setting up Microsoft Entra Authentication on a IIC Endpoint Card
To set up Microsoft Entra on the IIC Endpoint card:
Create an IIC endpoint. For details, read Setting up endpoints.
Make sure the Web Service Address field is filled in with a SOAP web service URL.
Fill the Authentication Type field with the Microsoft Entra value.
Fill in the Tenant ID field. It is a GUID value that follows the MS Dynamics 365 Business Central main url https://businesscentral.dynamics.com/**tenant id*/...*. You can also find it on your Overview page.
Fill in the Client ID field with Application (Client) ID which you can find in your Microsoft Entra ID App Registration's overview (Azure Portal).
Fill in the Client Secret field with the client secret you created for your Microsoft Entra ID application registration.
Setting up Microsoft Entra Application
The last step requires setting up an Microsoft Entra Application in an IC partner company. The card represents the application which has just been registered in Microsoft Entra ID. The application needs to have the necessary permissions granted, just like a regular user.
This setup should be done in a receiver company.
Choose the icon, enter Microsoft Entra Applications, and then select a related link.
Select the New action and fill in the Client ID field based on the IIC Endpoint.
Assign the following permission sets (or similar):
- D365 BUS FULL ACCESS
- D365 BUS PREMIUM
- ITI03 AIC FULL (ADVANCED INTERCOMPAN - before version 3.1.2)
Testing the Connection
The connection can be tested on a receiver card with the Test Connection action.