How to Set Up Single Sign-On (SSO) for Microsoft Dynamics Business Central (NAVISION ERP)

Introduction:

In my previous blog, How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central, I performed all the steps in such a way that they lead directly into this blog, which gives you Single Sign-On (SSO) based access to Microsoft Dynamics 365 Business Central.

Pre-requisites:

  • How to setup NAVUserPassword Authentication
  • Understand how AzureAD Authentication works
  • Microsoft Dynamics 365 Business Central On-Premise

Books & References:

https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory

Demonstration:

1. Preparation for SSO:
Perform all the steps for NAVUserPassword based authentication.
Refer to How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central.

2. Connect your device to AzureAD:
Install the Azure AD Module by running the command highlighted.
After installation of the Azure AD Module, in order to connect to Azure AD you will need to download the Azure Connect PowerShell.
Connect-AzureAD -Confirm
Log in to Azure using Office 365. By default with Office 365, your Azure AD TenantID is created.
Your Azure AD and VM are now connected, and you will get your AzureAD TenantID.

3. Register Business Central App in your AzureAD Tenant:
Go to App Registration and enter your App Name.
Configure your Redirect URI: <HOST>/WebServerInstanceName/SignIn
Go to Application ID URI and configure the Application ID by clicking on it.
Copy your Application ID URI.
Set up the following parameters. These parameters will be used to set up Business Central Administration.

  • Application URI : <Your App ID URI from App Registration>
  • Redirect URI: <HOST>/WebServerInstanceName/SignIn
  • Azure AD Federation Metadata URL: https://login.microsoftonline.com/<Azure AD TENANT ID>/FederationMetadata/2007-06/FederationMetadata.xml 
  • WS-Federation Login Endpoint: https://login.microsoftonline.com/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<Application ID URI>%26wreply=<Redirect URL>
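
The four parameters above can be generated and sanity-checked in PowerShell before they are typed into Business Central Administration. This is an added example, not part of the original post or of Microsoft's tooling; the function name New-BcSsoParameters and the sample tenant ID, App ID URI and host are constructed placeholders.

```powershell
# Added example (not from the original post): build the step 3 parameters and
# reject inputs that would produce a broken or insecure sign-in configuration.
function New-BcSsoParameters {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $TenantId,    # Azure AD tenant ID
        [Parameter(Mandatory)] [string] $AppIdUri,    # Application ID URI (wtrealm)
        [Parameter(Mandatory)] [string] $RedirectUri  # <HOST>/WebServerInstanceName/SignIn (wreply)
    )

    # The tenant ID is placed in the URL path, so accept nothing but a GUID.
    $tenant = [guid]::Empty
    if (-not [guid]::TryParse($TenantId, [ref] $tenant)) {
        throw "TenantId '$TenantId' is not a GUID."
    }

    # The sign-in token is posted to the reply URL: require absolute HTTPS
    # and the /SignIn path used in the app registration.
    $reply = $null
    $isAbsolute = [uri]::TryCreate($RedirectUri, [System.UriKind]::Absolute, [ref] $reply)
    if (-not $isAbsolute -or $reply.Scheme -ne 'https') {
        throw "RedirectUri '$RedirectUri' must be an absolute https:// URL."
    }
    if ($reply.AbsolutePath -notlike '*/SignIn') {
        throw "RedirectUri '$RedirectUri' must end with /SignIn."
    }

    $base = "https://login.microsoftonline.com/$tenant"
    [pscustomobject]@{
        ApplicationIdUri          = $AppIdUri
        RedirectUri               = $RedirectUri
        FederationMetadataUrl     = "$base/FederationMetadata/2007-06/FederationMetadata.xml"
        # '&' is written as %26, matching the endpoint format listed above.
        WSFederationLoginEndpoint = "$base/wsfed?wa=wsignin1.0%26wtrealm=$AppIdUri%26wreply=$RedirectUri"
    }
}

# Constructed sample values, for illustration only.
New-BcSsoParameters -TenantId '11111111-2222-3333-4444-555555555555' `
    -AppIdUri 'https://contoso.example/BusinessCentral' `
    -RedirectUri 'https://bc.contoso.example/WebServerInstanceName/SignIn' |
    Format-List
```

The RedirectUri passed here has to be the same string registered as the Redirect URI in the app registration, since Azure AD only returns the sign-in response to a registered reply URL.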



4. Modify the parameters in Business Central Administration:
Under the AzureAD section of Business Central Administration, copy in the Application ID URI, Redirect URI, WS-Federation Login Endpoint and AzureAD Federation Metadata URL. In Business Central Administration, change the Credentials Type to AccessControlService.

Go to C:\inetpub\wwwroot\WebServerInstanceName\navusersettings.json
Modify the CredentialType to AccessControlService.

5. Add the Office 365 to Users in Business Central:
Add the Office 365 email to the Users in Business Central.

6. For Windows Client Setup:
Change the ClientUserSettings.config file under C:\Users\<USER>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\140
Change the Credential Type to AccessControlService and the ACSUri to the WS-Federation Login Endpoint.


Restart the Business Central Server Instance through Business Central Administration and the Web Server Instance through IIS.

Output:

For WebClient:
After going to the URL for Business Central WebClient, you will be asked for your Office 365 login.

For Windows Client:
Log in to the Windows Client using Office 365 credentials.

Conclusion:

Thus, this blog explained how to connect AzureAD to the VM, how to register your App (Business Central) in AzureAD, and how to use the parameters in Business Central for login setup and redirections. Overall, the process is complicated and confusing; I have tried my best to put it as cleanly as possible.
This concludes my Authentication Setup blog for Business Central.
Hope this helps!
