Power Automate and Business Central OAuth Authentication

2217 March 14, 2024

1     Overview

Microsoft has made OAuth authentication with Business Central the preferred security method. This article outlines the steps required to setup OAuth authentication and configure Power Automate for communication to ODATA web services in BC.

2     App Registration in Azure

  1. Logon to you Azure Portal
  2. Search for “App Registrations”
  3. Select New Registration
  4. Give the registration a logical name, such as “Business Central Web Services for Power Automate”
  5. Leave all other options as default and click Register.
  6. Click API permission from the left hand navigation and Add a permission.
  7. Under the Microsoft APIs tab select Dynamics 365 Business Central
  8. Select Application Permissions
  9. Check API.ReadWrite.All
  10. Click Add Permissions
  11. Click Grant admin consent and click yes to the dialog message
  12. Click on the left hand navigation to Authentication
  13. Select to add a platform
  14. Select Web
  15. For the Redirect URL, enter “https://businesscentral.dynamics.com/OAuthLanding.htm”
  16. Click Configure
  17. Click on the Overview page and copy the Object ID. Save it to a notepad such that it is available in the future steps.
  18. Open Windows PowerShell
    Run the command: Connect-AzureAD
  19. Replacing the Object ID captured in the previous step, run the following command:
    $startDate = Get-Date
    $endDate = ’12/30/2299′
    $aadAppsecret01 = New-AzureADApplicationPasswordCredential -ObjectId <enter object id> -CustomKeyIdentifier “Power Automate Secret” -StartDate $startDate -EndDate $endDate
  20. Lastly run the command: $aadAppsecret01
  21. Copy the Value of the key and save it to Notepad
  22. Click back on Overview from the left hand navigation and copy the Application (client) ID as well as the Directory (tenant) ID. Save them notepad such that they are available in the next step.

3     Business Central

  1. Logon to the Business Central as an administrator
  2. Search for Microsoft Entra Applications
  3. Click New
  4. Paste in the Client ID that was copied from the Azure AD application registration steps and give it a logical description such as “Power Automate App Registration”
  5. Mark the state as Enabled and accept the message
  6. For the user group, assign D365 BUS FULL ACCESS
  7. Click the Grant Consent button

Sign in and accept the permission request

4     Power Automate

  1. Logon to Power Automate and create an http action
  2. Select the Authentication as Active Directory OAuth
  3. Copy in the Tenant ID and Client ID that was saved earlier
  4. For the Audience specify “https://api.businesscentral.dynamics.com”
  5. Select Credential Type as Secret
  6. Copy in the secret that was saved earlier