Step 2b. Connected system configuration (SaaS)

Configuration for Business Central Online in another tenant, or with Dynamics 365 (for exemple Finance & Operations)

 

The OAuth authorization protocol is recommended for connection between SwissSalary and Business Central Online or Dynamics 365 applications.

 

I. Register an Azure Entra application for authentication for Business Central Online or Dynamics 365 applications

1.Log in to the Azure portal.

2.Enter “App registrations” in the search field, then click “New registration”.

3.Fill in the fields with the values below:

Name: Application display name. Example: “Business Central OAuth 2.0”

Supported account types: Select the option “Accounts in any organization directory (any Azure Entra directory – multi-tenant)”

Redirect URI (optional): Select “Web” in the “Select platform” field and enter the following URL in the field: “businesscentral.dynamics.com/OAuthLanding.htm”

4.Click “Register”.

 

 

II. Grant the registered application permissions API.ReadWrite.All for Dynamics 365 Business Central or AX.Full Access and OData.FullAccess for Dynamics 365 applications

1.Go to the “API permissions” menu item and click “Add permission”.

2.A. Business Central Online: Click the “Dynamics 365 Business Central” tile and then the “Application permissions” tile.

B. Dynamics 365 applications:  Click the “Dynamics ERP” tile and then the “Application permissions” tile.

3.A. Business Central Online: Check the “API.ReadWrite.All” option and click “Add permissions”.

B. Dynamics 365 applications:  Check the “Connector.FullAccess” option and click “Add permissions”.

 

(Hinweis: Bei den Dynamics 365 Applikationen, können folgende Berechtigungen - je nach UseCase - erteilt werden:

 

Authorization

Purpose

Connector.FullAccess

Mass data operations via the Data Management Framework (DMF). Suitable for imports/exports.

AX.FullAccess

Full access to Finance & Operations (F&O), including business logic and system functions. Very high authorization.

OData.FullAccess

Full access to data entities via the OData API, suitable for real-time data access and transactions

 

 

Step 3. Create a client secret for your application.

1.Go to the “Certificates & Secrets” menu item and click “New client secret key”.

2.Fill in the fields with the values below:

Description: “Business Central Client Service”.

Valid until: Select the “Recommended: 180 days (6 months)” option.

3.Click “Add”.

4.Securely copy and save the code from the “Value” column.

 

Step 4a. Add the created application to Business Central SaaS.

1.Open your SwissSalary365 Business Central instance.

2.In the search field, search and switch to “Microsoft Entra applications” and click on “New”

3.Fill in the fields with the following values:

Client ID: Enter your “Client-id”. (See step x point x)

Description: “Business Central OAuth 2.0”

Status: Select the “Enabled” option.

4. In the “User authorization sets” tab, add the corresponding authorization sets. The applications need the authorization sets with which the Cloud Connector applications can read, edit or delete the tables to be synchronized.

5. Click on “Give consent” and in the dialog box select the account with the “Global administrator” role and click on ‘Accept’ and “OK”.

 

Step 4b. Add the created application to Dynamics 365 Finance & Operations.

1.Open your Finance and Operations (F&O) instance.

2.Navigate to “System Administration”, ‘Setup’ and then to “Azure Entra Applications”.

3.Click on "New" and enter the following details:

Client ID: Insert the Application (Client) ID from Microsoft Entra ID.

Name: Enter a descriptive name (e.g. “F&O OAuth Integration”).

User ID: Assign a system user (this is used for authentication).

Activate the “Enabled” option.

4. Select the application and navigate to “User permissions” and assign the corresponding security role.