Skip to main content

How to setup Single Sign-On(SSO) for Microsoft Dynamics Business Central(NAVISION ERP)

Introduction:

In my previous blog on How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central, I have performed all the steps in such a way that it would perfectly fit with this blog to give you Single Sign-On(SSO) based access to Microsoft Dynamics 365 Business Central.

Pre-requisites:

  • How to setup NAVUserPassword Authentication
  • Understand how AzureAD Authentication works
  • Microsoft Dynamics 365 Business Central On-Premise

Books & References:

https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory

Demonstration:

1. Preparation for SSO:
Perform all the steps for NAVUserPassword based authentication.
Refer here How to Setup NavUserPassword with SSL for Microsoft Dynamics Business Central

2. Connect your device to AzureAD:
Install Azure AD Module

Install Azure AD Module by running the command highlighted
After installation of Azure AD Module, in order to connect to Azure AD you will need to download the Azure Connect PowerShell.
Connect-AzureAD -Confirm
Login to  Azure using Office 365. By default with Office 365, your Azure AD TenantID is created.
Your Azure AD and VM are connected and you will get your AzureAD TenantID.
Azure AD Tenant ID after connecting
3. Register Business Central App in your AzureAD Tenant:
Goto App Registration > put your App Name,
Configure your Redirect URI: <HOST>/WebServerInstanceName/SignIn
Business Central App Registration with Redirect URI
Go to Application ID URI and configure the Application ID by clicking on it
Copy your Application ID URI.
App Registration App ID URI 
Setup the following parameters. These parameters will be used to Setup Business Central Administration.

  • Application URI : <Your App ID URI from App Registration>
  • Redirect URI: <HOST>/WebServerInstanceName/SignIn
  • Azure AD Federation Metadata URL: https://login.microsoftonline.com/<Azure AD TENANT ID>/FederationMetadata/2007-06/FederationMetadata.xml 
  • WS-Federation Login Endpoint: https://login.microsoftonline.com/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<Application ID URI>%26wreply=<Redirect URL>


SSO Parameters

4. Modify the parameters in Business Central Administration:
Under the AzureAD section of Business Central Administration, copy the
Application ID URI, Redirect URI, WS Federation Login Endpoint, AzureAD Federation Metadata URL.In Business Central Administration, change the Credentials Type to AccessControlService
Business Central Administration AzureAD parameters and Credential Type change

Goto C:\inetpub\wwwroot\WebServerInstanceName\navusersettings.json
Modify the CredentialType to AccessControlService
Change CredentialType to AccessControlService

5. Add the Office 365 to Users in Business Central:
Add Office365 Email to Users in Business Central

6. For Windows Client Setup:
Change the ClientUserSettings.config file  under C:\Users\<USER>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\140
Change Credential Type to AccessControlService and ACSUri to WS-Federation Login Endpoint.
 
ClientUserSettings.config


Restart Business Central Server Instance through Business Central Administration and Web Server Instance through IIS.
Output:
For WebClient
After going to the URL for Business Central WebClient, you will be asked for your Office 365 Login.
Logging into Business Central WebClient


After Logging into Business Central using Office 365 Credentials
For Windows Client
Login into Windows Client using Office 365 credentials
Windows Client Logged In
Conclusion:
Thus, this blog explained, how to connect AzureAD to VM, how to register your App(Business Central) in AzureAD and then use the parameters in Business Central for Login Setup and redirections. Overall, the process is complicated and confusing, I have tried my best to put it as cleanly as possible.
This concludes my Authentication Setup blog for Business Central.
Hope this helps! 

Comments

Popular posts from this blog

Creating APIs in Business Central - 1

Introduction:
While writing a blog on Automated Testing in Business Central, I was going through sample apps provided by Microsoft and realized that the complexity is nowhere close to what examples Microsoft has provided on docs.microsoft.com. In this blog, I will try to explain how APIs work and how to be creative with the implementation. Also, an API which were in beta are finally out with version V1.0 in the April 2019 release let's see some important key things from development aspects.
This blog is going to be theoretical one kindly bear with me.


Pre-requisites:
Microsoft Dynamics Business Central (SaaS)VS Code(https://code.visualstudio.com/download)AL Language Extension(https://tinyurl.com/yyvzxwkb)API V1 from Business Central On-Premise DVD
Books & References:
API V1 from Business Central On-Premise DVDAPI(V1.0) for Business Central (Click Here)API(Beta) for Business Central (Click Here)
Solution:

Key Requirements:
API source table must have an Id(GUID) field per record for m…

Enum Object in Business Central - How to create and how to extend!

Introduction:
Since the dawn of Business Central Era (2nd April 2018 - Today), there are many new data types introduced by Microsoft.
One such data type is Enum(Enumeration). Essentially, what enumeration is having a single select value with multiple options at a given time!
Well, I know what your thinking what about the 'Option' data type.
Anyways, enough of talking let's just dive in!

Disclaimer:The knowledge in this blog is true and complete to the best of authors and publishers knowledge. The author and publisher disclaim any liability in connection with the use of this information.
Pre-requisites:
Microsoft Dynamics Business Central (SaaS or On-Premise)
VS code with AL Language extension

Code:
1. Enum as an Object:
Just like Tables and Pages, Enum behaves like an Object.
Note that Extensible means that the Enum Object can be extended in another module. By default, this property is set to TRUE.



Enums and Enum Extensions behave differently. They follow a different number se…

Understanding and How to use APIs Business Central - 2

Introduction:
In my last blog post (Business Central API -1 ) on Creating API in Business Central, we discussed all the commonly used properties of the page, query, and controls like field and data-item. In today's blog, we will be diving deeply into the validation of the data passed through the API endpoint, how it enters into the source tables and is manipulated to be inserted/modified into single or multiple tables.
Also, I will be demonstrating how APIs are to be used.

Pre-requisites:
Microsoft Dynamics Business Central (SaaS)VS Code(https://code.visualstudio.com/download)AL Language Extension(https://tinyurl.com/yyvzxwkb)API V1 from Business Central On-Premise DVD
Books & References:
API V1 from Business Central On-Premise DVDAPI(V1.0) for Business Central (Click Here)API(Beta) for Business Central (Click Here)
Theory:
Understanding API in Business Central 1. BINDSUBSCRIPTIONS: Use to trigger IntegrationEvent for the Codeunit stated in parameters whenever the function calling BI…