Prerequisites

Dynamics 365 Business Central Online connector supports OAuth 2.0 authentication with the following grant types:

  • Client Credentials

  • JWT Certificate Credentials

  • Refresh Token/Auth Code

The following sections describe the configuration required for each of these grant types.

Registering an Application on Azure Active Directory

Perform the following:

  1. Use any of the following Azure Management Portals to perform the configuration:

  2. Select Azure Active Directory in the left pane.

  3. Select App registrations.

  4. Select New registration.

  5. On the Register an application page, in the Name field, enter the name of the application that you want to set up.

  6. Set the Redirect URI to https://businesscentral.dynamics.com/OAuthLanding.htm.

  7. Select Register. An Application is created.

    On the Application page the Application ID (Client ID) and Tenant ID are displayed.

  8. On the left-hand panel, select Certificates & secrets. On the Certificates & secrets page, in the Client secrets section, select New client secret.

  9. On the Add a client secret page, enter a Description for the secret, select the validity duration in the Expires list, and then select Add.

  10. Note the value of the client secret that you have just created.

Client Credentials

For authentication based on the default Client Credentials grant type, the following configurations are required:

JWT Certificate Credentials

JWT Certificate Credentials supports authentication based on a JWT assertion prepared from a certificate and private key.

  1. Obtain the Client ID from Azure Active Directory by registering the application (up to step 7 of Registering an Application on Azure Active Directory).

  2. Create an X.509 certificate (self-signed or CA-signed) and private key. The private key must be encrypted with the RSA algorithm, and the certificate must be registered at the Azure AD portal. Perform the following steps to register the certificate with the Microsoft identity platform:

    1. Log in to the Azure Portal.

    2. Select the client application.

      In the Azure app registration for the client application, select Certificates & secrets.

    3. Select Upload certificate and select the certificate file to upload.

    4. Select Add.

    5. Obtain values for the following configurations:

      • Certificate: Obtain the text file of the same certificate which was uploaded on the Azure portal.

      • Private Key: Obtain the private key text file.

      • Private Key Password

Refresh Token

The Refresh Token grant type uses the delegated permissions configured on the Azure Active Directory application (while Registering an Application on Azure Active Directory). For more information on assigning the appropriate permissions to Business Central, see Required Permissions.

Perform the following to obtain the Auth Code:

  1. Obtain the authorization code using the following sample request URL:

    https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize?client_id=<client_id>&scope=offline_access https://api.businesscentral.dynamics.com/.default&response_type=code&redirect_uri=https://businesscentral.dynamics.com/OAuthLanding.htm&response_mode=query&state=<randomnumber>

    Note
    In the above URL, replace the values of <tenantname>, <client_id>, and <randomnumber>.

    • Add the following parameter details (parameter: description):

      • client_id: Client ID of the registered application.

      • response_type: For an authorization code, the value must be code.

      • redirect_uri: The value must be the redirect URI that was configured while registering the application, that is, https://businesscentral.dynamics.com/OAuthLanding.htm

      • response_mode: To get the code as a query string parameter on your redirect URI, the value must be query.

      • scope: offline_access https://api.businesscentral.dynamics.com/.default

      • state: This can be any random number. The same value is returned along with the authorization code.

  2. The response is displayed in the address bar as follows:

    https://businesscentral.dynamics.com/OAuthLanding.htm?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41U9..&state=1234566&session_state=9557b1f1-0fd8-4e12-a39f-213cfcd12153

    From the above response, copy the code value between code= and &state, which is marked in bold.

  3. Obtain the Refresh Token as follows using the Auth Code obtained in the above step:

    1. Execute the following POST:

      Request URL: https://login.microsoftonline.com/<tenantname>/oauth2/v2.0/token

      Content-Type: application/x-www-form-urlencoded

      Request body:

      • client_id

      • client_secret

      • grant_type: Because you intend to redeem the Auth Code, the value must be authorization_code

      • code: Authorization code obtained in the previous steps

      • redirect_uri: The value must be the redirect URI that was configured while registering the application, that is, https://businesscentral.dynamics.com/OAuthLanding.htm

      • scope: Enter offline_access https://api.businesscentral.dynamics.com/.default

    2. Copy Refresh Token from the response.
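The three steps above as an added Python example (not part of the original documentation or the connector): it builds the authorization URL with correctly percent-encoded parameters, checks the returned state before accepting the code, and prepares the token POST without sending it. The function names, the tenant and client values, and the use of `secrets` for the state value are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

LOGIN = "https://login.microsoftonline.com"
REDIRECT_URI = "https://businesscentral.dynamics.com/OAuthLanding.htm"
SCOPE = "offline_access https://api.businesscentral.dynamics.com/.default"


def build_authorize_url(tenant, client_id, state=None):
    """Step 1: return (url, state); state is unpredictable unless supplied."""
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id, "scope": SCOPE, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query", "state": state,
    }, quote_via=quote)  # percent-encode the space and the URLs inside values
    return f"{LOGIN}/{tenant}/oauth2/v2.0/authorize?{query}", state


def extract_code(landing_url, expected_state):
    """Step 2: check the landing URL and its state, then return the code."""
    parts = urlsplit(landing_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("response is not on the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: not the response to this request")
    if "code" not in params:
        raise ValueError("no code parameter in response")
    return params["code"][0]


def build_token_request(tenant, client_id, client_secret, code):
    """Step 3: return (url, headers, body) for the POST redeeming the code."""
    body = urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "scope": SCOPE,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{LOGIN}/{tenant}/oauth2/v2.0/token", headers, body


if __name__ == "__main__":  # constructed sample values, not real identifiers
    url, state = build_authorize_url("contoso.onmicrosoft.com", "<client_id>")
    print(url, extract_code(f"{REDIRECT_URI}?code=SAMPLE&state={state}", state))
```

The refresh token is the `refresh_token` field of the JSON returned by the token endpoint; store it and the client secret as credentials, not in source or logs.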

Creating an Application User on Business Central Online

Perform the following:

  1. Open Dynamics 365 Business Central portal.

  2. In the Search field, search for Azure Active Directory Application.

  3. Select New.

  4. Add the Client ID (created in Client Credentials/JWT Certificate Credentials, depending on the Grant Type selected).

    The Application ID is the Client ID of the application registered in Azure Active Directory above.

  5. Under User Groups and User Group permissions, add permissions in the Administrator permissions section, and save the application.