Small and medium business | Business Central, N...

Security Groups based on Entra with onPrem installation

(5) Share

Report

Posted on by GW-11030928-0

Hi all,

is it possible to create security-groups based on Entra (AAD) with a BC365 25.3 onPrem installation. The used instance is based on AccessControlService. Trying it I get always the answer

It's interessing to see, that "normal" AD-Windows groups could also not be found (only with a indows-authetication).

KR GW

Categories:

Dynamics 365 Business Central

All responses (4)

Answers (0)

Suggested answer

Jainam M. Kothari 6,643 on at

Like (1)

Report

Security Groups based on Entra with onPrem installation

May this can help : https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups

https://learn.microsoft.com/en-us/entra/architecture/4-secure-access-groups

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-concept
Suggested answer

YUN ZHU 81,857 Super User 2025 Season 1 on at

Like (1)

Report

Security Groups based on Entra with onPrem installation

Hi, hope the following helps.

https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups#business-central-online-and-on-premises

Thanks

ZHU
Suggested answer

Khushbu Rajvi. 15,085 Super User 2025 Season 1 on at

Like (2)

Report

Security Groups based on Entra with onPrem installation

Hope this helps: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-aad-auth-onprem

https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups
Suggested answer

Holly Huffman 5,919 on at

Like (1)

Report
Security Groups based on Entra with onPrem installation

Hi there! Good morning, evening, or afternoon - depending on where you are :)

Hope you are well today!

here are some thoughts / suggestions & apologies if you've tried these already!

Entra (AAD) Security Groups with On-Premises BC

Compatibility: Business Central on-premises installations typically rely on Windows Authentication or Access Control Service (ACS) for user authentication. However, Entra (AAD) integration is more common in cloud-based deployments.

Limitation: Directly using Entra (AAD) security groups in an on-premises setup may not be supported out of the box, especially if ACS is being used instead of Azure AD Authentication.

Why "Normal" AD-Windows Groups Are Not Found

If you're unable to find Windows AD groups, it could be due to:

Authentication Mode: Ensure that the instance is configured to use Windows Authentication for group recognition.

Domain Trust Issues: Verify that the Business Central server is properly joined to the domain and can access the Active Directory.

Possible Workarounds

Hybrid Identity Setup:

Use Azure AD Connect to synchronize on-premises Active Directory groups with Entra (AAD). This allows you to manage groups in AD while making them available in Entra.

Ensure that the synchronized groups are accessible in your Business Central environment.

Switch to Azure AD Authentication:

If feasible, consider switching from ACS to Azure AD Authentication for your Business Central instance. This would enable better integration with Entra (AAD) security groups.

Custom Development:

If neither of the above options works, you may need to explore custom development to bridge the gap between Entra (AAD) and your on-premises Business Central installation.

Next Steps

Verify your current authentication setup in Business Central Administration.

Check if Azure AD Connect is configured for your environment.

Consider consulting with your partner or Microsoft Support to explore hybrid identity solutions.