web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Business Central Windo...
Small and medium business | Business Central, N...
Suggested Answer

Business Central Windows Group Permissions with Azure AD Single Sign-On

(0) ShareShare
ReportReport
Posted on by dbarreto 10

Hello,

In a BC17 installation we've implemented the single sign-on with Azure AD, following the steps in https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory?tabs=singletenant%2Cadmintool.

In BC17 the permissions are set in the Windows Group User.

pastedimage1622634174691v1.png

And the user has no permissions.

pastedimage1622634174692v2.png

Since the user belongs to the Windows Group it should inherit the Windows Group permissions.

However, when the user tries to login it has a "Access Denied" error. 

pastedimage1622634174694v3.png

In the MS documentation Windows Groups are not mentioned, so we tried to add the Authentication E-Mail to the Windows Groups, and the following permissions in API Permissions in Azure AD:

  • Group.Read.All 
  • GroupMember.Read.All
  • User.Read

But with no success.

Has anyone been through this?

BR.

I have the same question (0)
  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels Microsoft Employee on at

    Hello,

    It used to work like this.

    1. Add all users with no permissions sets added.

    2. Add the groups with the relevant permissions

    3. Add members to the relevant groups

    The users must however exist, but you do not need to assign permissions.

    Thanks.

  • andrew D Profile Picture
    andrew D 10 on at

    Did you ever get this solved? I cannot seem to make it work. It's as if it just ignores AD group membership if the user has an AAD auth email assigned - at least on BC19.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,055 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,063 Super User 2026 Season 1

#3
Dhiren Nagar Profile Picture

Dhiren Nagar 1,014 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans