Prerequisites
Dynamics 365 Business Central Online connector supports OAuth 2.0 authentication with the following grant types:
- Client Credentials
- JWT Certificate Credentials
- Refresh Token/Auth Code
Registering an Application on Entra ID
Perform the following:
- Use either of the following methods to access the Entra Management Portal to perform the configuration:
- Select Entra ID in the left pane.
- Select App registrations.
- Select New registration.
- On the Register an application page, in the Name field, enter the name of the application that you want to set up.
- Set the Redirect URI to https://businesscentral.dynamics.com/OAuthLanding.htm.
- Select Register. An application is created. On the Application page, the Application ID (Client ID) and Tenant ID are displayed.
- On the left-hand panel, select Certificates & secrets. On the Certificates & secrets page, in the Client secrets section, select New client secret.
- On the Add a client secret page, enter a Description for the secret, select the validity duration in the Expires list, and select Add. Note the value of the client secret that you have just created.
The following sections describe the configurations that must be performed for each grant type.
Client Credentials
For authentication based on the default Client Credentials grant type, the following configuration is required:
- Obtain the Tenant ID, Client ID, and Client Secret from Microsoft Entra by Registering an Application on Entra ID.
JWT Certificate Credentials
JWT Certificate Credentials supports authentication based on a JWT assertion prepared from a certificate and private key.
- Obtain the Client ID from Entra by Registering an Application on Entra ID.
- To create a self-signed or CA-signed type X.509 certificate and private key, perform the following steps to register the certificate with the Microsoft identity platform:
  Important
  The private key must be encrypted with the RSA algorithm and registered at the Entra portal.
  - Log in to the Entra Portal.
  - Select the client application. In the Entra app registration for the client application, select Certificates & secrets.
  - Select Upload certificate and select the certificate file to upload.
  - Select Add.
- Obtain values for the following configurations:
  - Certificate: Obtain the text file of the same certificate which was uploaded on the Entra portal.
  - Private Key: Obtain the private key text file.
  - Private Key Password
Refresh Token
For the refresh token, the delegated permissions on the Entra application are used (assigned while Registering an Application on Entra ID). For more information on assigning the appropriate permissions to Business Central, refer to Required Permissions.
Perform the following to obtain an Auth Code:
- Obtain the authorization code using the following sample request URL:
  https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize?client_id=<client_id>&scope=offline_access https://api.businesscentral.dynamics.com/.default&response_type=code&redirect_uri=https://businesscentral.dynamics.com/OAuthLanding.htm&response_mode=query&state=<randomnumber>
  Note
  In the above URL, replace the values of <tenantname>, <client_id>, and <randomnumber>.
- Add the following parameter details:

| Parameter | Description |
| --- | --- |
| client_id | Client ID of the registered application. |
| response_type | For authorization code, the value must be code. |
| redirect_uri | The redirect URI that was configured while registering the application. |
| response_mode | To receive the code as a query string parameter on your redirect URI, the value must be query. |
| scope | offline_access |
| state | This can be any number. The same value is returned along with the authorization code. |

- The response in the address bar is displayed as follows:
  https://businesscentral.dynamics.com/OAuthLanding.htm?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41U9..&state=1234566&session_state=9557b1f1-0fd8-4e12-a39f-213cfcd12153
  From the above response, copy the code between code= and &state.
- Obtain the Refresh Token as follows using the Auth Code you copied:
  - Execute the following POST:
    - Request URL: https://login.microsoftonline.com/<tenantname>/oauth2/v2.0/token
    - Content-Type: application/x-www-form-urlencoded
    - Request body:
      - client_id
      - client_secret
      - grant_type: As you intend to redeem the Auth Code, it should be authorization_code
      - code: Authorization code obtained earlier
      - redirect_uri: The value of this must be a redirect URI to the URL that was configured while registering the application.
      - scope: Enter offline_access https://api.businesscentral.dynamics.com/.default
  - Copy Refresh Token from the response.
Creating an Application User on Business Central Online
Perform the following:
- Open the Dynamics 365 Business Central portal.
- In the Search field, search for Entra ID Application.
- Select New.
- Add the Client ID (created in Client Credentials/JWT Certificate Credentials depending on the Grant Type selected).
  Note
  Application ID is the Client ID of the Application registered in Entra.
- Under User Groups and User Group permissions, add permissions in the Administrator permissions section and then save the application.