Table of Contents

S2S setup guide

Learn how to set up a Service-to-service authentication between DynamicWeb and D365 Business Central, Finance & Operations or CRM

DynamicWeb 10 supports Service-to-Service (sometimes referred to as S2S or Server-to-Server) authorization.

There are three fundamental steps in an S2S configuration:

  • Configuring an App registration in Microsoft Entra admin center
  • Adding the application in your ERP or CRM
  • Adding a corresponding authentication in Dynamicweb

App registration in Microsoft Entra

To add an app registration go to https://entra.microsoft.com > Applications > App registrations > New registration, choose single tenant application access and give your application a suitable name.

App registrations in Microsoft Entra

Next, copy the Application (client) ID and the Directory (Tenant) ID from the App overview screen and go to Certificates & secrets to add a new Client secret. Make sure to copy the value of the client secret once it is added, since this will be hidden henceforth.

Go to Authentication and a new web platform. Add the URL of your DynamicWeb solution to the list of redirect URIs.

For S2S authorization to a Business Central client, you should also add the URL https://businesscentral.dynamics.com/OAuthLanding.htm for cloud hosted Business Central instance. If you are using an on-prem version, insert the URL of your Business Central browser client, followed by /oauthlanding.htm - for example: https://MyServer/BC200/OAuthLanding.htm

Finally, go to API permissions and add a new permission for the application (Dynamics 365 Business Central/Dynamics ERP/Dynamics CRM). The type of permission should be set to Application permission. Select the appropriate permissions from the available options. The required permission is most likely API.ReadWrite.All but please refer to the official Entra API permission documentation to learn more.

Check out this Microsoft learn article for more information on Entra app registrations.

Adding the application in the remote system

After registering the application in Entra, the next step is to add it to your remote system. How to do that, depends on the system. Follow the guides below to learn how to add the application to either your Business Central, Finance & Operations or Dynamics CRM environment.

Business Central

To add your new application to your cloud hosted Business Central instance, open the BC web interface and search for Microsoft Entra Applications.

In here, click new, paste the Client ID of your application and change the State to enabled. Please notice that your Business Central user needs SECURITY permission to change states of Entra apps.

Microsoft Entra application card in Business Central

Configuring application permissions

To configure what is exposed through the Microsoft Entra Application:

  • Go to the User Permissions Sets menu at the bottom of the Application Card
  • Add the D365 BUS FULL ACCESS permission to the list of User Permission Sets.

To use the S2S authentication with a Live integration utilizing a DynamicWeb Plug-in unit, you also need to add the dedicated DYNAMICWEBPERMISSION (Business Central plug-in unit version 1.2.0.29 or later required)

User Permission Sets

To complete the setup of your Entra application, you (or a member of the organization with the appropriate privileges) must grant consent for the application to expose data. There are two possible ways of doing this:

The first way is to click the Grant Consent button in the Application Card from within the Business Central Web interface. This will bring up a log-in window, where you can use your Entra credentials to grant consent.

Granting consent inside Business Central

However, granting consent requires one of the following three Microsoft Entra roles:

  • Global Administrator
  • Application Administrator
  • Cloud Application Administrator

If you have not been assigned such a role in Microsoft Entra, it is possible to let an administrator of one of the aforementioned kinds grant consent through the Microsoft Entra web interface instead.

Consent is granted in the API permissions area of Entra as shown below.

Granting consent from Entra

The official details on the using S2S with Business Central can be found here.

Finance & Operations

To add your Microsoft Entra application in Finance & Operations, search for Microsoft Entra Applications, click new, add the Client ID of your application, a suitable name and select a user (you can select the ADMIN user or any available user with the required permissions).

Check out this article for the official details on using S2S authentication with Dynamics 365 Finance & Operations

Dynamics CRM

To add your Microsoft Entra application to your CRM instance, go to the Power Platform Admin Center, select your environment and open S2S apps.

Add a new app user, and select your Microsoft Entra application from the list of available apps.

Adding the authentication in DynamicWeb

To use the configured S2S authentication in DynamicWeb, you can add the credentials to an endpoint collection or directly on a stand alone request.

Microsoft Entra application card in Business Central An S2S configuration on an endpoint collection

To top