Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Question on SSO with t...
Small and medium business | Business Central, N...
Answered

Question on SSO with tenant association

(4) ShareShare
ReportReport
Posted on by SC-11120904-0 44

I have a prospect who has set up their global tenant in the UK. They now wish to deploy Business Central in Hong Kong and purchase the license through CSP. Since their email address is associated with the global tenant, I would like to understand how we can implement Single Sign-On (SSO) for the Business Central deployment in the Hong Kong data center.

Your assistance on this matter would be greatly appreciated. Thank you.

Categories:
Dynamics 365 Business Central
  • Suggested answer
    Sohail Ahmed Profile Picture
    Sohail Ahmed 4,844 on at
    Question on SSO with tenant association
    @SC-11120904-0 

    To implement Single Sign-On (SSO) for Business Central in this case, the key point is tenant association:

     
    • Business Central Online is tenant-bound, meaning all environments (regardless of geography) must belong to the same Azure AD tenant (Microsoft Entra ID).
    • If the prospect's email is associated with their UK-based global tenant, and they plan to deploy BC in Hong Kong using the same tenant, then SSO works seamlessly — all users will authenticate via the global tenant.
     

    Solution: Ensure the Hong Kong environment is created under the same Azure AD tenant (UK global tenant), even if it's deployed in a different region via CSP. This setup will allow seamless SSO using existing credentials.

     

    If they attempt to use a different tenant for the Hong Kong deployment, SSO won't work natively and cross-tenant access/guest setup would be required, which is not supported for Business Central SaaS.

    ✅ Mark this answer as verified if it helps you.

  • SC-11120904-0 Profile Picture
    SC-11120904-0 44 on at
    Question on SSO with tenant association

    Thank you for your response and for clarifying the SSO aspect. I now have a question regarding license procurement. The customer wishes to purchase the license in Hong Kong; however, due to Microsoft's policy, they can only procure the license in the UK, where their global tenant is located.

    Is it possible to set up a sub-tenant in Hong Kong that can be associated with the UK tenant, allowing us to procure the license in Hong Kong while still benefiting from SSO? Thank you.

  • Verified answer
    Ramesh Kumar Profile Picture
    Ramesh Kumar 5,520 on at
    Question on SSO with tenant association

    Azure AD is global and typically tied to the initial region where the tenant was created — in your case, UK. However, Business Central environments can be deployed in different geographic regions, including Hong Kong, as long as it's supported. You can create a Business Central environment in the Hong Kong region, even if the M365 tenant is UK-based.

    SSO Support Across Regions

    • Business Central uses Azure AD for authentication.
    • Since the tenant is the same, users can Single Sign-On (SSO) to any Business Central environment, regardless of where it's hosted (UK, Hong Kong, etc.).
    • No special configuration is needed beyond standard Business Central and Azure AD setup.
     SSO will work without any additional setup because users belong to the same Azure AD tenant.
     
    Thanks
    Ramesh
     
    If this was helpful, please check the "Does this answer your question?" box and mark it as verified.
  • Verified answer
    RockwithNav Profile Picture
    RockwithNav 7,288 on at
    Question on SSO with tenant association
    I never tried this but I can can throw out a thought -
     

    To enable Single Sign-On (SSO) for your Business Central deployment in Hong Kong while keeping the UK tenant as the global identity provider, you can configure the Hong Kong environment to authenticate users through the existing UK Azure Active Directory (Azure AD) tenant. This means users in Hong Kong will log in using the UK tenant credentials, ensuring centralized identity management. During the Business Central setup in Hong Kong, make sure it is linked to the UK Azure AD tenant for authentication. All Hong Kong users must either exist in the UK tenant or be added via Azure AD B2B collaboration. Licenses for Business Central should also be assigned to these users through the UK tenant using the CSP (Cloud Solution Provider) model. Optionally,  Once everything is set up, users will simply access the Hong Kong Business Central URL. They will be redirected to the UK tenant for authentication and then brought back to the Hong Kong environment after a successful login—ensuring seamless access with a single set of credentials.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Now Available: 2025 Release Wave 2

Quick Links

Ramesh Kumar – Community Spotlight

We are honored to recognize Ramesh Kumar as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
Sohail Ahmed Profile Picture

Sohail Ahmed 2,655

#2
Mansi Soni Profile Picture

Mansi Soni 1,574

#3
YUN ZHU Profile Picture

YUN ZHU 1,453 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans