The D365 Business Central Connector supports both OAuth 2.0 Code Flow and OAuth 2.0 Client Credentials and requires the following credentials or information for authentication.
Parameter | Description | OAuth2.0 Code Flow | OAuth 2.0 Client Credentials |
---|---|---|---|
Tenant ID | The Directory (tenant) ID that displays when app registration is successful (described in step 8 below). | X | X |
Client ID | The Application (client) ID is assigned when the application is successfully registered (noted in step 8 below.)
Specifies the client ID of the application that is registered in Azure Active Directory. To find the application's client ID: from the Azure Management Portal, click Active Directory>(directory)>(application)>Configure. |
X | X |
Client Secret | The Client Secret value captured in step #9 below. | X | X |
Redirect URI | The URI that you provided during the app registration process (step 7). This specifies the reply URL of the application. The value must match the value of the redirect_uri parameter in the authorization code request. To find the application's reply URL, in the Azure Management Portal, click Active Directory>(directory)>(application)>Configure. | X | |
Resource | The App ID URI of the web API (secured resource).
To find the App ID URI, in the Azure Management Portal, click Active Directory>(directory)> (application)>Configure. |
X | X |
Scope |
Scope refers to permissions associated with accessing D365 Business Central. https://api.businesscentral.dynamics.com/.default This is generally expected to remain the same as the default permissions include common actions like reading and writing data, managing users, or performing other relevant operations within the scope of the resource. |
X | |
Environment |
The Environment tab of the Business Central administration center provides you with an overview of the Business Central production and sandbox environments for the tenant, and you can manage updates for each environment. |
X | X |
For the Authorization Code Grant flow and Client Credentials flow, use the Azure Management Portal to register the application in your Azure AD tenant to obtain ClientID, Client Secret, and Redirect URI.
Take these steps to register an application in your Azure AD tenant:
- Sign in to the Azure portal using either a work or personal account.
- If your account gives you access to more than one tenant, select your account in the upper right corner. Set your portal session to the Azure AD tenant that you want.
- Search for and select Azure Active Directory. Under Manage, select App registrations.
- Select New registration.
- In Register an application, enter a meaningful application name to display to users.
- Specify who can use the application. For more information, please refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-a-new-application-using-the-azure-portal
- Under Redirect URI (optional), select the type of app you're building: Web or Public client (mobile & desktop). Then enter the redirect URI, or reply URL, for your application.
- For web applications, provide the base URL of your app. For example, https://localhost:31544 might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
- For public client applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, such as myapp://auth.
Examples of web applications or native applications can be found in the quickstarts on the Microsoft identity platform.
- When finished, select Register.
Azure AD assigns a unique application or client ID to your app. The portal opens your application's Overview page. To add capabilities to your application, you can select other configuration options including branding, certificates and secrets, API permissions, and more.
- Once the app is created, from the listing page click on the App Name and then click Certificates and Secrets -> New Client Secret and follow the steps on the screen to capture the Client Secret.
- Add the APIs to which the registered app will have access. Click on API Permissions -> Add a permission. For Microsoft Dynamics 365 Business Central, Dynamics 365 Business Central permissions need to be provided.
Note: The below steps are required to work with the client credentials flow explicitly.
- Click on Overview and then navigate to the Redirect URIs screen.
- Select Access Tokens (under Implicit grant and hybrid flows).
- Open the Business Central application and then search for Azure Active Directory OR Microsoft Entra Application and then click on the first link that appears. Both are shown below.
- Click the New option.
- Enter the below details in the following screens.
- Enter the Client ID from the above steps.
- Enter the description
- Select the state as Enabled.
- Under the User Permissions Sets section, select the Permission Set as SUPER(DATA).
Comments
0 comments
Please sign in to leave a comment.