
How to Set Up Single Sign-On (SSO) for Microsoft Dynamics Business Central (NAVISION ERP)

Introduction:

In my previous blog on How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central, I performed all the steps in such a way that they lead directly into this blog, which gives you Single Sign-On (SSO) based access to Microsoft Dynamics 365 Business Central.

Pre-requisites:

  • How to setup NAVUserPassword Authentication
  • Understand how AzureAD Authentication works
  • Microsoft Dynamics 365 Business Central On-Premise

Books & References:

https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory

Demonstration:

1. Preparation for SSO:
Perform all the steps for NAVUserPassword based authentication.
Refer to How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central.

2. Connect your device to AzureAD:
Install Azure AD Module

Install Azure AD Module by running the command highlighted
After installing the Azure AD Module, you will need to download the Azure Connect PowerShell in order to connect to Azure AD:
Connect-AzureAD -Confirm
Log in to Azure using Office 365. With Office 365, your Azure AD TenantID is created by default.
Your Azure AD and VM are now connected, and you will get your AzureAD TenantID.
Azure AD Tenant ID after connecting
3. Register Business Central App in your AzureAD Tenant:
Go to App Registration and enter your App Name.
Configure your Redirect URI: <HOST>/WebServerInstanceName/SignIn
Business Central App Registration with Redirect URI
Go to Application ID URI and configure the Application ID by clicking on it
Copy your Application ID URI.
App Registration App ID URI 
Set up the following parameters. They will be used to configure Business Central Administration.

  • Application URI : <Your App ID URI from App Registration>
  • Redirect URI: <HOST>/WebServerInstanceName/SignIn
  • Azure AD Federation Metadata URL: https://login.microsoftonline.com/<Azure AD TENANT ID>/FederationMetadata/2007-06/FederationMetadata.xml 
  • WS-Federation Login Endpoint: https://login.microsoftonline.com/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<Application ID URI>%26wreply=<Redirect URL>
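
The parameter list above, as an added PowerShell example that is not part of the original post: it builds the four values from a tenant ID, App ID URI and Redirect URI, and checks that an existing WS-Federation Login Endpoint agrees with them. The function names and all sample values are constructed for illustration.

```powershell
# Added example; function names and sample values are constructed, not from the post.
function New-BcSsoParameters {
    param(
        [Parameter(Mandatory)] [guid] $TenantId,    # Azure AD Tenant ID
        [Parameter(Mandatory)] [uri]  $AppIdUri,    # Application ID URI from App Registration
        [Parameter(Mandatory)] [uri]  $RedirectUri  # <HOST>/WebServerInstanceName/SignIn
    )
    # The sign-in response is delivered to the redirect URI, so insist on TLS.
    if (-not $RedirectUri.IsAbsoluteUri -or $RedirectUri.Scheme -ne 'https') {
        throw "Redirect URI must be an absolute https URL: $RedirectUri"
    }
    if ($RedirectUri.AbsolutePath -notlike '*/SignIn') { throw "Redirect URI must end in /SignIn: $RedirectUri" }
    $base  = "https://login.microsoftonline.com/$TenantId"
    $realm = $AppIdUri.OriginalString
    $reply = $RedirectUri.OriginalString
    [pscustomobject]@{
        ApplicationUri            = $realm
        RedirectUri               = $reply
        FederationMetadataUrl     = "$base/FederationMetadata/2007-06/FederationMetadata.xml"
        # '&' is written as %26, exactly as in the parameter list above.
        WSFederationLoginEndpoint = "$base/wsfed?wa=wsignin1.0%26wtrealm=$realm%26wreply=$reply"
    }
}

function Test-BcWsFedEndpoint {
    param([string] $Endpoint, [guid] $TenantId, [string] $AppIdUri, [string] $RedirectUri)
    if ($Endpoint -notmatch '^https://login\.microsoftonline\.com/(?<tenant>[^/]+)/wsfed\?(?<query>.+)$') {
        return @('Not a login.microsoftonline.com wsfed URL')
    }
    $tenant = $Matches.tenant
    $q = @{}
    foreach ($pair in ($Matches.query -split '%26|&')) {
        $k, $v = $pair -split '=', 2   # keep any '=' inside the value
        $q[$k] = $v
    }
    $problems = @()
    if ($tenant -ne "$TenantId")       { $problems += "tenant '$tenant' does not match $TenantId" }
    if ($q['wa'] -ne 'wsignin1.0')     { $problems += "wa is '$($q['wa'])', expected wsignin1.0" }
    if ($q['wtrealm'] -ne $AppIdUri)   { $problems += "wtrealm does not match the Application ID URI" }
    if ($q['wreply'] -ne $RedirectUri) { $problems += "wreply does not match the Redirect URI" }
    $problems
}

# Constructed sample values.
$tenant = '11111111-2222-3333-4444-555555555555'
$p = New-BcSsoParameters -TenantId $tenant -AppIdUri 'https://contoso.example/BC' `
        -RedirectUri 'https://bc.contoso.example/BC140/SignIn'
$p | Format-List
# An endpoint with a stale wreply host, as might be left over from an older setup.
$stale = $p.WSFederationLoginEndpoint -replace 'bc\.contoso', 'old.contoso'
Test-BcWsFedEndpoint -Endpoint $stale -TenantId $tenant -AppIdUri $p.ApplicationUri -RedirectUri $p.RedirectUri
```

A `wreply` that differs from the Redirect URI registered in the App Registration is the mismatch this check is meant to catch before the values are entered in Business Central Administration.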


SSO Parameters

4. Modify the parameters in Business Central Administration:
Under the AzureAD section of Business Central Administration, copy in the Application ID URI, Redirect URI, WS-Federation Login Endpoint and Azure AD Federation Metadata URL.
In Business Central Administration, change the Credential Type to AccessControlService.
Business Central Administration AzureAD parameters and Credential Type change

Go to C:\inetpub\wwwroot\WebServerInstanceName\navusersettings.json
Modify the CredentialType to AccessControlService
Change CredentialType to AccessControlService

5. Add the Office 365 email to Users in Business Central:
Add Office365 Email to Users in Business Central

6. For Windows Client Setup:
Change the ClientUserSettings.config file under C:\Users\<USER>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\140
Change Credential Type to AccessControlService and ACSUri to WS-Federation Login Endpoint.
 
ClientUserSettings.config


Restart Business Central Server Instance through Business Central Administration and Web Server Instance through IIS.
Output:
For WebClient
After going to the URL for Business Central WebClient, you will be asked for your Office 365 Login.
Logging into Business Central WebClient


After Logging into Business Central using Office 365 Credentials
For Windows Client
Log in to the Windows Client using Office 365 credentials
Windows Client Logged In
Conclusion:
Thus, this blog explained how to connect AzureAD to the VM, how to register your App (Business Central) in AzureAD, and how to use the parameters in Business Central for login setup and redirections. Overall, the process is complicated and confusing; I have tried my best to put it as cleanly as possible.
This concludes my Authentication Setup blog for Business Central.
Hope this helps! 
