web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Business Central Windo...
Small and medium business | Business Central, N...
Suggested Answer

Business Central Windows Group Permissions with Azure AD Single Sign-On

(0) ShareShare
ReportReport
Posted on by dbarreto 10

Hello,

In a BC17 installation we've implemented the single sign-on with Azure AD, following the steps in https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory?tabs=singletenant%2Cadmintool.

In BC17 the permissions are set in the Windows Group User.

pastedimage1622634174691v1.png

And the user has no permissions.

pastedimage1622634174692v2.png

Since the user belongs to the Windows Group it should inherit the Windows Group permissions.

However, when the user tries to login it has a "Access Denied" error. 

pastedimage1622634174694v3.png

In the MS documentation Windows Groups are not mentioned, so we tried to add the Authentication E-Mail to the Windows Groups, and the following permissions in API Permissions in Azure AD:

  • Group.Read.All 
  • GroupMember.Read.All
  • User.Read

But with no success.

Has anyone been through this?

BR.

I have the same question (0)
  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    It used to work like this.

    1. Add all users with no permissions sets added.

    2. Add the groups with the relevant permissions

    3. Add members to the relevant groups

    The users must however exist, but you do not need to assign permissions.

    Thanks.

  • andrew D Profile Picture
    andrew D 10 on at

    Did you ever get this solved? I cannot seem to make it work. It's as if it just ignores AD group membership if the user has an AAD auth email assigned - at least on BC19.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 3,151

#2
Jainam M. Kothari Profile Picture

Jainam M. Kothari 1,443 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 1,092 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans