
Hello Colleagues,
I need your assistance to set up SSO, authenticating Business Central with Azure AD. I hope you can help me!
So I used the following manual to set up this feature:
https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory
Let me describe my infrastructure and what I've done.
I have an on-premise AD that is synchronized with Azure AD. And I have a separate server (not in the domain) with the Business Central/SQL roles. I want to use credentials from Azure AD to log on to Business Central.
Here is the manifest of App Registration on the Business Central APP:
{
  "id": "115691b8-***-****-****-************",
  "acceptMappedClaims": null,
  "accessTokenAcceptedVersion": null,
  "allowPublicClient": false,
  "appId": "3491b5d7-****-****-****-************",
  "appRoles": [],
  "oauth2AllowUrlPathMatching": false,
  "createdDateTime": "2019-03-22T11:08:01Z",
  "groupMembershipClaims": null,
  "identifierUris": [
    "https://kov**********outlook.onmicrosoft.com/businesscentral"
  ],
  "informationalUrls": {
    "termsOfService": null,
    "support": null,
    "privacy": null,
    "marketing": null
  },
  "keyCredentials": [],
  "knownClientApplications": [],
  "logoUrl": null,
  "logoutUrl": null,
  "name": "Business Central App",
  "oauth2AllowIdTokenImplicitFlow": true,
  "oauth2AllowImplicitFlow": true,
  "oauth2Permissions": [
    {
      "adminConsentDescription": "Allow the application to access Business Central App on behalf of the signed-in user.",
      "adminConsentDisplayName": "Access Business Central App",
      "id": "b84db14e-****-****-****-***********",
      "isEnabled": true,
      "lang": null,
      "origin": "Application",
      "type": "User",
      "userConsentDescription": "Allow the application to access Business Central App on your behalf.",
      "userConsentDisplayName": "Access Business Central App",
      "value": "user_impersonation"
    }
  ],
  "oauth2RequirePostResponse": false,
  "optionalClaims": null,
  "orgRestrictions": [],
  "parentalControlSettings": {
    "countriesBlockedForMinors": [],
    "legalAgeGroupRule": "Allow"
  },
  "passwordCredentials": [
    {
      "customKeyIdentifier": "UwBl********************",
      "endDate": "2299-12-30T21:00:00Z",
      "keyId": "aa6b5ffd-****-****-****-***********",
      "startDate": "2019-03-22T11:12:52.0389932Z",
      "value": null,
      "createdOn": null,
      "hint": null,
      "displayName": null
    }
  ],
  "preAuthorizedApplications": [],
  "publisherDomain": "kov**********outlook.onmicrosoft.com",
  "replyUrlsWithType": [
    {
      "url": "http://b***.***.cloudapp.azure.com:8080/BC130/SignIn",
      "type": "Web"
    }
  ],
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-****-****-****-***********",
          "type": "Scope"
        }
      ]
    }
  ],
  "samlMetadataUrl": null,
  "signInUrl": null,
  "signInAudience": "AzureADMultipleOrgs",
  "tags": [],
  "tokenEncryptionKeyId": null
}
Here is the setup window of Azure AD in BC:
Azure AD App ID URI: https://kov**********outlook.onmicrosoft.com/businesscentral
WS metadata location link: login.microsoftonline.com/kov**********outlook.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
WS Federation Login Endpoint: login.microsoftonline.com/kov**********outlook.onmicrosoft.com/wsfed?wa=wsignin1.0%26wtrealm=https://kov**********outlook.onmicrosoft.com/businesscentral%26wreply=http://b***.***.cloudapp.azure.com:8080/BC130/SignIn
Finally I assigned users to this application and created a user in BC with the email (as the logon name of the user in AD). But it doesn't work.
Where is the mistake? What did I miss?
Thank you!
K.
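As an added example that is not part of the post above, here is a small Python consistency check that a practitioner would run over this kind of setup: it compares the three values the post pastes (the app manifest's identifierUris and replyUrlsWithType, the App ID URI entered in BC, and the WS-Federation login endpoint) and reports where they disagree with each other or with what a WS-Federation sign-in needs (an https endpoint, wa=wsignin1.0, a wtrealm equal to the App ID URI, and a wreply that exactly matches a registered reply URL). The manifest and endpoint strings are constructed from the masked values quoted in the post; the assumption that BC stores the endpoint with `&` escaped as `%26` (as the post shows) is why the query is decoded once before parsing. The findings it prints are what the values show, not a diagnosis of the poster's problem.

```python
# Added example (not from the original post): consistency check between an
# Azure AD app manifest and the WS-Federation settings entered in Business Central.
import json
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed from the (masked) values quoted in the post; only the fields the
# check reads are kept.
MANIFEST = json.loads("""
{
  "identifierUris": ["https://kov**********outlook.onmicrosoft.com/businesscentral"],
  "replyUrlsWithType": [
    {"url": "http://b***.***.cloudapp.azure.com:8080/BC130/SignIn", "type": "Web"}
  ]
}
""")

# The two values from the Azure AD setup window in BC, as quoted in the post.
APP_ID_URI = "https://kov**********outlook.onmicrosoft.com/businesscentral"
WSFED_ENDPOINT = (
    "login.microsoftonline.com/kov**********outlook.onmicrosoft.com/wsfed"
    "?wa=wsignin1.0%26wtrealm=https://kov**********outlook.onmicrosoft.com/businesscentral"
    "%26wreply=http://b***.***.cloudapp.azure.com:8080/BC130/SignIn"
)


def check_wsfed_config(manifest, app_id_uri, wsfed_endpoint):
    """Return a list of findings; an empty list means the values line up."""
    findings = []
    parts = urlsplit(wsfed_endpoint)
    if parts.scheme != "https":
        findings.append("endpoint: WS-Federation login endpoint has no https:// scheme")

    # Assumption: BC stores the endpoint with '&' escaped as '%26', so decode the
    # query once before splitting it into parameters (parse_qs decodes again,
    # which is harmless for these plain URLs).
    params = parse_qs(unquote(parts.query))
    wa = params.get("wa", [""])[0]
    wtrealm = params.get("wtrealm", [""])[0]
    wreply = params.get("wreply", [""])[0]

    if wa != "wsignin1.0":
        findings.append(f"wa: expected wsignin1.0, got {wa!r}")

    # The realm (wtrealm) must be the App ID URI BC was given and must be one of
    # the application's identifier URIs in the manifest.
    if wtrealm != app_id_uri:
        findings.append(f"wtrealm: {wtrealm!r} differs from the App ID URI entered in BC")
    if wtrealm not in manifest.get("identifierUris", []):
        findings.append("wtrealm: value is not one of the manifest's identifierUris")

    # The reply URL must exactly match a registered Web reply URL (scheme, host,
    # port and path), and should be https because the signed token is posted
    # back to it by the browser.
    reply_urls = {r["url"] for r in manifest.get("replyUrlsWithType", [])
                  if r.get("type") == "Web"}
    if wreply not in reply_urls:
        findings.append("wreply: value does not exactly match a registered Web reply URL")
    if urlsplit(wreply).scheme != "https":
        findings.append("wreply: reply URL is not https; the token would be posted over plaintext HTTP")
    return findings


if __name__ == "__main__":
    for line in check_wsfed_config(MANIFEST, APP_ID_URI, WSFED_ENDPOINT) or ["no findings"]:
        print(line)
```

Run as-is, the check reports only two things about the posted values: the login endpoint is written without a scheme, and the reply URL is plain http on port 8080; the realm and reply URL themselves agree between the manifest and the BC window. Replacing the endpoint and reply URL with https values that are registered in the manifest makes the check return an empty list.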