Authenticating Business Central Users with NavUserPassword
Note
Azure Active Directory is now Microsoft Entra ID. Learn more
NavUserPassword is an authentication method that's handled by Business Central Server, but isn't based on Windows users or Active Directory. Each user is set up with a user name and password that's configured inside Business Central only. The user is prompted for username/password credentials when they start the client.
Preparation
Obtain and set up security certificates on the Business Central deployment. NavUserPassword authentication requires the use of service certificates to help secure client connections over a wide area network (WAN). In a production environment, you should obtain a certificate from a certification authority or trusted provider. In a test environment, if you don't have a certificate, then you can create your own self-signed certificate. The implementation of certificates involves installation and configuration of the certificates on the Business Central Server server and client computers.
For more information, see Using Certificates to Secure Connections.
Important
As you follow the instructions, don't change the credential type used by Business Central Server and Business Central Web Server for now. You'll change it later in this article.
Task 1: Set up your Business Central user account with a password
You can postpone this task for other users, but you must do this task for your user account. If you don't, you won't be able to sign in to Business Central after you switch to NavUserPassword authentication.
- Open the Business Central client.
- Go to the Users page, then open your user account.
- Under Business Central Password Authentication, choose the
button next to the Password field. - Enter the password in the Password and Confirm Password fields, then choose OK.
You're now done with setting up your account.
Task 2: Configure Business Central Server
You can configure the Business Central Server by using the Business Central Server Administration tool or Business Central Administration Shell.
Important
Starting in Business Central 2022 release wave 2 (v21), the Business Central Server Administration tool is no longer available. Use the Business Central Administration Shell instead.
Open the Business Central Server Administration tool.
In the General tab, set the Credential Type to NavUserPassword.
Restart the server instance.
For more information about the tool, see Business Central Server Administration Tool.
Task 3: Configure Business Central Web Server components
Configure the Business Central Web Server components to use NavUserPassword as the credential type.
Open the navsettings.json for the Business Central Web Server in a text or code editor, such as Notepad or Visual Studio Code.
Set the
ClientServicesCredentialTypekey value toNavUserPassword."ClientServicesCredentialType": "NavUserPassword",Save the navsettings.json file
For more information, see Configure Configuring Business Central Web Server Instances.
Next steps
- Set up other Business Central users with a Business Central password, like you did in Task 1.
- (Optional) Set web service accounts as needed. For more information, see How to use an Access Key for SOAP and OData Web Service Authentication.
See Also
Authentication and Credential Types
Troubleshooting: SAML2 token errors with Microsoft Entra ID/Office 365 Authentication
Migrating to Multitenancy
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for