Configuring Authentication and Single Sign-On Between Microsoft Dynamics NAV and SharePoint

  • Article

This topic provides an overview of how to configure user authentication with SharePoint.

Configuring User Authentication for SharePoint Online and SharePoint On-Premises

SharePoint Online and SharePoint on-premises support different authentication methods. This means that depending on your SharePoint deployment, you must configure Dynamics NAV differently. The configuration applies to the Microsoft Dynamics NAV Server instances, the user setup, and the Dynamics NAV clients that users can use.

SharePoint Online

For SharePoint Online, the following Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism
Microsoft Dynamics NAV Web client AccessControlService Microsoft Azure Active Directory (Azure AD)
Microsoft Dynamics NAV Windows client AccessControlService Azure AD added to an Access Control service (ACS) namespace. Important: The Microsoft Dynamics NAV Windows client is currently not supported if the Dynamics NAV deployment must be accessed by more than on Azure AD tenant.

SharePoint On-Premise

When you want to deploy apps to SharePoint on-premises, you must configure the SharePoint sites first. For more information, see Configure an environment for apps for SharePoint and Plan for apps for SharePoint 2013 on TechNet.

For SharePoint on-premises that must be accessible from the internet so that SharePoint and Dynamics NAV are publicly accessible, the following Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism
Microsoft Dynamics NAV Web client AccessControlService Azure AD

-Or-

Azure AD added to an Access Control service (ACS) namespace.
Microsoft Dynamics NAV Windows client AccessControlService Azure AD added to an Access Control service (ACS) namespace.

Important

If you use Azure AD as the authentication mechanism, your app for SharePoint must open the Microsoft Dynamics NAV Web client in full screen mode in SharePoint on-premises deployments. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint.

For SharePoint on-premises that must be accessible from an intranet so that SharePoint and Dynamics NAV are accessed only on-premises, the following Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism
Microsoft Dynamics NAV Web client Windows

-Or-

AccessControlService		 Windows authentication

-Or-

Azure AD
Microsoft Dynamics NAV Windows client Windows Windows authentication

Note

The security zones that the security mechanisms in Internet Explorer rely on can lead to unexpected behavior when users access the Microsoft Dynamics NAV Web client from SharePoint. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint.

Configuring Single Sign-on

As part of a SharePoint Online subscription, you also get an Azure AD tenant. The Azure AD tenant handles user authentication when users sign in to SharePoint Online. To enable a seamless integration between SharePoint Online and Dynamics NAV, you must configure Dynamics NAV to authenticate users against the same Azure AD tenant. This will enable single sign-on between the two applications, so that users will only have to sign in once. Also, Dynamics NAV web parts that are embedded on SharePoint pages will work. You can work with Azure AD management in the Azure management portal, or you can use Azure AD Module for Windows PowerShell cmdlets. For more information, see Authenticating Users with Azure Active Directory.

For more information about how to achieve single sign-on between Dynamics NAV and SharePoint based on Azure AD, see Authenticating Users with Azure Active Directory.

See Also

Multitenant Deployment Architecture
Developing and Installing a Microsoft Dynamics NAV Apps for SharePoint
Authenticating Users with Azure Active Directory
Troubleshooting: Microsoft Dynamics NAV and SharePoint