Setting up Azure Active Directory Authentication
Azure Active Directory is the only authentication method available for establishing web service connections with MS Dynamics 365 Business Central cloud companies. Setting up such a connection requires the relevant Azure Active Directory and Business Central permissions. The master company must be authenticated and authorized to access the resources exposed by a receiver company (the ReceiverWS web service). The following instructions guide you through the configuration process.
Important
Azure Active Directory is now Microsoft Entra ID.
Creating an App Registration in Azure Active Directory
To create an app registration:
Open the Azure Portal and go to the Azure Active Directory resource associated with your Azure tenant.
In the left-hand panel, find the App Registrations tab in the Manage section, and then select the New Registration action.
Fill in the following fields:
- App Name - Specifies a custom name for the app registration.
- Supported Account Types - Specifies the account type; by default, Single Tenant is suggested.
- Platform - Specifies the platform to be used. Select the Web option.
- Redirect URL - It can be left blank, as it is not used in the AAD client credentials authentication flow.
On the Certificates and Secrets tab, select the New Client Secret action, copy the value, and store it in a safe place, as you will not be able to see it again.
On the API Permissions tab, select the Add a Permission action.
Select Dynamics 365 Business Central from Microsoft APIs, and then select Application Permissions as the required permission type.
Note
Application permissions do not require a signed-in user (as opposed to Delegated Permissions).
Choose API.ReadWrite.All and Automation.ReadWrite.All and confirm by choosing Add permissions.
Select the Grant admin consent action.
Setting up AAD Authentication on a Receiver Card
To set up AAD Authentication on a receiver card:
Create a receiver card. See Setting up a receiver.
Fill in the Authentication Method field with the AAD value.
Make sure a SOAP web service URL has been entered into the Web Service Address field.
Fill in the Client ID field with the Application (Client) ID, which you can find in your AAD App Registration's overview (Azure Portal).
Fill in the Client Secret field with the client secret you created for your AAD App Registration.
Fill in the Tenant ID field. It is a GUID value that follows the MS Dynamics 365 Business Central main URL: https://businesscentral.dynamics.com/{tenant id}/... You can also find it on your AAD's Overview page.
Leave https://api.businesscentral.dynamics.com/.default in the Scope field.
Setting up Azure Active Directory Application Card
The last step requires setting up the Azure Active Directory Application Card settings in a receiver company. The card represents the application (a master company) which has just been registered in AAD. The application needs to have the necessary permissions granted, just like a regular user.
Note
This setup should be done in a receiver company.
Choose the icon, enter Azure Active Directory Applications, and then select the related link.
Select the New action and fill in the Client ID field with the Client ID entered on the Receiver Card.
Assign the following permission sets (or similar):
- D365 BUS FULL ACCESS
- D365 BUS PREMIUM
- ITI01 MDMS FULL (or MDMS for MDMS version lower than 5.8.0.0)
Testing the Connection
A connection test can be performed on a receiver card by using the Test Connection action.
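If Test Connection fails, the values from the receiver card can be checked outside Business Central. The following is an added example, not part of the original instructions or the product: it builds the client credentials token request and inspects the returned token's claims. The token endpoint is the Microsoft identity platform v2.0 endpoint; the environment variable names, the helper names, and the expected `aud` value are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

SCOPE = "https://api.businesscentral.dynamics.com/.default"  # value of the Scope field
REQUIRED_ROLES = {"API.ReadWrite.All", "Automation.ReadWrite.All"}  # from API Permissions

def build_token_request(tenant_id, client_id, client_secret):
    """Build (without sending) the client credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    return urllib.request.Request(url, data=form, method="POST")

def decode_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, tenant_id):
    """Return a list of setup problems; an empty list means the token matches."""
    problems = []
    # Assumption: the audience equals the scope without the /.default suffix.
    if claims.get("aud") != SCOPE.removesuffix("/.default"):
        problems.append("aud is not the Business Central API")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Tenant ID field")
    missing = REQUIRED_ROLES - set(claims.get("roles", []))
    if missing:  # permission not added, or admin consent not granted
        problems.append("missing application permissions: " + ", ".join(sorted(missing)))
    return problems

if __name__ == "__main__":
    # Assumed variable names; keeps the secret out of scripts and shell history.
    tenant = os.environ["BC_TENANT_ID"]
    req = build_token_request(tenant, os.environ["BC_CLIENT_ID"],
                              os.environ["BC_CLIENT_SECRET"])
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    print(check_claims(decode_claims(token), tenant) or "token matches the setup")
```

A token that passes these checks but is still rejected by the receiver points to the Azure Active Directory Application Card in the receiver company (state or permission sets) rather than to the app registration.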