Centage supports Service-to-Service (S2S) authentication for Microsoft Dynamics 365 Business Central using OAuth 2.0. This method enables secure, non-interactive data integration without the need for user credentials.

If your team chooses to proceed with this approach, follow the steps below to configure and provision access for Centage using Microsoft Entra ID (formerly Azure AD).

Prerequisites

To proceed, your organization must:

• Use Microsoft Dynamics 365 Business Central

• Have administrative access to Microsoft Entra (Azure AD)

• Be able to share credentials securely with Centage

Task 1 - Register the Application in Microsoft Entra

1. Sign into your Entra Domain
2. Register an application
   • Notate the Application (Client) ID
3. Create a client secret for the registered application as follows:
   • Select Certificates & secrets > New client secret
   •  
   • Add a description, select a duration, and select Add
   • Notate the Client Secret
4. Grant the registered application API.Read.All and Automation.Read.All permission to the Dynamics 365 Business Central API as follows:

1. 1. Select API permissions > Add a permission > Microsoft APIs

   2. Select Dynamics 365 Business Central

   3. Select Application permissions, then select:

      • API.Read.All

      • Automation.Read.All

   4. Select Add permissions

      • Dynamics 365 Business Central / API.Read.All
      • Dynamics 365 Business Central / Automation.Read.All
   5. (Optional) Grant admin consent on each permission by selecting it in the list, then selecting Grant admin consent for <tenant name>.
      • This step isn't required if you'll be granting consent from the Business Central web client in Task 2.
   6. Securely provide the following to Centage:
      • Azure Tenant
      • Application ID (Client ID)
      • Client Secret

Task 2 - Grant access to application in Azure

1. In the Business Central client, search for Microsoft Entra applications and open the page

2. Select New

3. The Microsoft Entra application card opens

4. In the Client ID field, enter the Application (Client) ID for the registered application in Microsoft Entra ID from Task 1

5. Fill in the Description field

   If this application is set up by a partner, please enter sufficient partner-identifying information so all applications set up by this partner can be tracked in the future if necessary

6. Set the State to Enabled

7. Assign permissions at minimum Effective Permissions:

• CodeUnit – All objects of type Codeunit

• Page – Chart Of Accounts: Execute

• Query – Dimension Set Entries: Execute

• Query – G/L Budget Entries: Execute

• Query – G/L Entries: Execute

• Table – Dimension: Execute

• Table – G/L Accounts: Execute

• TableData – Dimension: Read

• TableData – Dimension Set Entry: Read

• TableData – Dimension Translation: Read

• TableData – Dimension Value: Read

• TableData – G/L Account: Read

• TableData – G/L Budget Entry: Read

• TableData – G/L Entry: Read

• TableData – General Ledger Setup: Read

• TableData – Page Data Personalization: Read

• TableData – Tenant License State: Read

• TableData – User Login: Read

• TableData – User Property: Read

• TableData – User Plan: Read

• TableData – Upgrade Tags: Read

8. (Optional) Select Grant Consent and follow the wizard

   This step will grant consent to the API. It is only required if you haven't granted consent from the Azure portal in Task 1. You can only complete this step if you've configured a redirect URL in the registered Microsoft Entra app.