1     Overview

Microsoft has made OAuth authentication with Business Central the preferred security method. This article outlines the steps required to setup OAuth authentication and configure the DynamicPoint EasyEXP365 application to leverage this authentication method.

Authentication to BC through Entra ID requires an app registration in Entra ID, registration of the client ID of that app in BC itself and registration of that app in DynamicPoint EasyEXP365.

2     App Registration in Azure

1. Logon to you Azure Portal
2. Search for “App Registrations”
   
3. Select New Registration
4. Give the registration a logical name, such as “Business Central Web Services for EasyEXP365”
5. In the redirect URL select “Web” and define the redirect as https://businesscentral.dynamics.com/OAuthLanding.htm
6. Leave all other options as default and click Register.
7. Click API permission from the left hand navigation and Add a permission.
8. Under the Microsoft APIs tab select Dynamics 365 Business Central
   
9. Select Application Permissions
   
10. Check API.Read.Write.All
    
11. Click Add Permissions
12. Click Grant admin consent and click yes to the dialog message
    
13. At this point the permissions of your application should look like this:
    
14. The next step is to provide security to your app. Go to Certificates and Secrets from the left menu and click New client secret:
15. On the next dialog provide a description of the secret and expiration, then click Add
16. Make sure you copy the new secret immediately, as later it will not be available for copying:
    
17. If you lose the secret, you will need to create a new one and register in the client application.
18. Alternatively, you can register a certificate to authenticate with the app (you will need the .cer version of the cert here):
    With that the app registration is complete. Keep the app registration open, as we’ll have to come back to it while registering the app in EasyEXP365/Tenant Admin and BC.

3     Business Central Registration

1. Log in to Business central application, click on the search icon and type Microsoft Entra Application.
   
   
2. Click Microsoft Entra Application from the results. On the new dialog click New
   
   
3. The Entra Application Card appears:
   
4. You need to get the Client ID from the app registration that was just created. Go to Overview from the left menu and copy the Application (Client ID):
   
5. Paste it into Client ID. Set a Description and change the State to Enabled. On the next dialog click Yes:
   
6. Assign the appropriate permissions. For this example we grant full access.
7. Now permissions should look like this (this can be changed based on your desired EasyEXP365 functionality):
   
8. Click Grant Consent to provide consent to the app registration in BC
   

4     EasyEXP365

In EasyEXP365 you can configure credentials either directly in the application as custom credentials or you can create predefined credentials in Tenant Admin and pick them in the application. This can be useful in cases when a client uses more than one DynamicPoint product and connects from them to the same BC instance. This section will cover the configuration directly in the application.

1. Logon to the application as an administrator
2. Click the gear in the upper right corner and select ERP settings
   
3. With the Security Settings section, under Credential Type, select Azure AD Application
   
4. Complete the following fields:
   – Title
   – Credential Type: Azure AD Application
   – Credential Configuration: Custom
   – Client ID – With the value copied from the registration
   – Client Secret – With the value copied from the registration
   
5. Click test and ensure it is successful
6. Click save