Description
Let's set up AAD authentication
1. Limitations
Barcode login is not suited for use with AAD as it will require two barcodes and generally lacks security.
2. Prerequisites
- Note that the OnPrem setup requires an additional step (step 7), which should not be done for Business Central Online.
- An Administrator user account associated with the customer's Business Central environment
- Extension version MOB5.18
- Android App 1.5.0
3. Creating Microsoft Azure App Registration
To access Business Central using AAD authentication, you must grant client access to this service.
- Log into https://portal.azure.com using an administrator user associated with the customer's Business Central environment
- Navigate to “Microsoft Entra ID” -> “App registrations”:
- Select “New registration” and name it Mobile WMS
4. Configure Redirect URI
Go to Redirect URI
Select “Public client/native (mobile & desktop)” (Do not select "Web")
Enter this URI: https://businesscentral.dynamics.com/
Select “Register”
5. Configuring the Application Registration
- Navigate to “API permissions”
- Select “Add a permission”
- Select "Dynamics 365 Business Central"
- Select "Delegated permissions"
- Select “user_impersonation”
- "Grant admin consent"
It might be necessary to grant admin consent for the App registration to work, depending on the organization settings (requires admin rights).
6. Gathering Information
This section outlines how to gather the data required for the mobile devices to connect using AAD.
Tasklet Factory needs the following data from you:
- Tenant ID
- Client ID
- SOAP URL
Info: If the Tenant ID is not a part of the SOAP URL, it means that the App Registration has been set up in the wrong AAD.
Get IDs
- Navigate to "Azure active directory"
- Select "Manage"
- Select "App registration"
- Select the new "Mobile WMS" registration
- Please copy and save the values marked in red
Get Application (client) ID
Get the Directory (tenant) ID
Get SOAP URL
- Log into Business Central
- Go to the Web services page
- Find the entry for MOB WS Dispatcher
- Please copy the SOAP URL field
7. Configure the Service Tier
Info: Note that this section is only for OnPrem Installations.
On the service tier that you are using for the Mobile Devices, find the section called Azure Active Directory (Azure AD) - see below.
In the Valid Audiences field enter https://api.businesscentral.dynamics.com
It is possible to have several inputs in this field: the value is a semicolon-separated list of audiences.
To configure SOAP and OData web services for Azure AD authentication, specify the App ID URI that is registered for your Business Central installation in Azure Active Directory (Azure AD).
8. Updating Mobile Configuration
Using the service desk, please send us the Tenant ID, Client ID and SOAP URL on the project ticket, or raise a new ticket.
Or, if this is for your own partner device, see below and just fill in the info in the placeholders for Tenant ID, Client ID and SOAP URL.
Example and Template for the Start.cfg file
Modify the sections marked in red with the gathered information.
<!-- ENDPOINTS -->
<endpoints>
<endpoint id="01" displayName="D365BC" protocol="classic" type="D365BC" address="Soap URL">
<azureConfiguration authority="https://login.microsoftonline.com/TenantId/oauth2/v2.0/authorize" scopes="https://api.businesscentral.dynamics.com/user_impersonation" clientId="ClientId" returnUri="https://businesscentral.dynamics.com/"/>
</endpoint>
</endpoints>
9. Define Scopes if connecting to OnPrem installation or different product family (e.g. LS Central or Wiise)
Info: Android App 1.6.0.1
When connecting to an OnPrem installation or a different product family like LS Central or Wiise, we will use the standard scope of Business Central to authenticate against in Azure AD. For this we will need to add the scopes attribute as shown below to the start.cfg file.
Modify the sections marked in red with the gathered information.
<!-- ENDPOINTS -->
<endpoints>
<endpoint id="01" displayName="D365BC" protocol="classic" type="D365BC" address="Soap URL">
<azureConfiguration authority="https://login.microsoftonline.com/TenantId/oauth2/v2.0/authorize" scopes="https://api.businesscentral.dynamics.com/user_impersonation" clientId="ClientId" returnUri="https://businesscentral.dynamics.com/"/>
</endpoint>
</endpoints>
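Before a Start.cfg is copied to a device, the values gathered in step 6 can be checked against the rules on this page. The following is an added example, not Tasklet Factory code: it verifies that the authority carries a Tenant ID, that the Tenant ID is part of the SOAP URL (the wrong-AAD check from step 6), and that clientId, returnUri and scopes match the registration. The function names, the sample IDs and the sample SOAP URL are constructed for illustration, and it assumes the Tenant ID and Client ID are GUIDs as shown in the Azure portal.

```python
import re
import xml.etree.ElementTree as ET

# Values this page tells you to configure (steps 4, 5 and 8).
RETURN_URI = "https://businesscentral.dynamics.com/"
SCOPE = "https://api.businesscentral.dynamics.com/user_impersonation"
AUTHORITY = re.compile(r"https://login\.microsoftonline\.com/([^/]+)/oauth2/v2\.0/authorize")
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def check_start_cfg(xml_text):
    """Return a list of findings for every <endpoint> in a Start.cfg fragment."""
    findings = []
    for ep in ET.fromstring(xml_text).iter("endpoint"):
        eid, soap_url = ep.get("id", "?"), ep.get("address", "")
        az = ep.find("azureConfiguration")
        if az is None:
            findings.append(f"{eid}: no azureConfiguration element")
            continue
        m = AUTHORITY.fullmatch(az.get("authority", ""))
        tenant = m.group(1) if m else ""
        if not GUID.fullmatch(tenant):
            findings.append(f"{eid}: authority does not contain a Tenant ID GUID")
        elif tenant.lower() not in soap_url.lower():
            # Step 6 note: the App Registration was created in the wrong AAD.
            findings.append(f"{eid}: Tenant ID is not part of the SOAP URL")
        if not GUID.fullmatch(az.get("clientId", "")):
            findings.append(f"{eid}: clientId is not a GUID")
        if az.get("returnUri") != RETURN_URI:
            findings.append(f"{eid}: returnUri differs from the registered Redirect URI")
        if az.get("scopes") != SCOPE:
            findings.append(f"{eid}: scopes is not the Business Central user_impersonation scope")
    return findings

def make_cfg(soap_url, tenant, client_id):
    """Build a Start.cfg fragment in the page's template layout (sample input)."""
    return (f'<endpoints><endpoint id="01" displayName="D365BC" protocol="classic" '
            f'type="D365BC" address="{soap_url}"><azureConfiguration '
            f'authority="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize" '
            f'scopes="{SCOPE}" clientId="{client_id}" returnUri="{RETURN_URI}"/>'
            f'</endpoint></endpoints>')

# Constructed sample IDs and URL, not real tenants or registrations.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SOAP = f"https://api.businesscentral.dynamics.com/v2.0/{TENANT}/Production/WS/CRONUS/Codeunit/MobWSDispatcher"

if __name__ == "__main__":
    print(check_start_cfg(make_cfg(SOAP, TENANT, CLIENT)))                # correct config
    print(check_start_cfg(make_cfg("Soap URL", "TenantId", "ClientId")))  # unfilled template
```

An empty list means the fragment is consistent with the registration described in steps 3 to 6; an unfilled template is reported rather than silently deployed.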
10. Troubleshooting Login Issues