Authenticating Business Central Users with NavUserPassword


Azure Active Directory is now Microsoft Entra ID. Learn more

NavUserPassword is an authentication method that's handled by Business Central Server, but isn't based on Windows users or Active Directory. Each user is set up with a user name and password that's configured inside Business Central only. The user is prompted for username/password credentials when they start the client.


Obtain and set up security certificates on the Business Central deployment. NavUserPassword authentication requires the use of service certificates to help secure client connections over a wide area network (WAN). In a production environment, you should obtain a certificate from a certification authority or trusted provider. In a test environment, if you don't have a certificate, then you can create your own self-signed certificate. The implementation of certificates involves installation and configuration of the certificates on the Business Central Server server and client computers.

For more information, see Using Certificates to Secure Connections.


As you follow the instructions, don't change the credential type used by Business Central Server and Business Central Web Server for now. You'll change it later in this article.

Task 1: Set up your Business Central user account with a password

You can postpone this task for other users, but you must do this task for your user account. If you don't, you won't be able to sign in to Business Central after you switch to NavUserPassword authentication.

  1. Open the Business Central client.
  2. Go to the Users page, then open your user account.
  3. Under Business Central Password Authentication, choose the Review or update the value for password. button next to the Password field.
  4. Enter the password in the Password and Confirm Password fields, then choose OK.

You're now done with setting up your account.

Task 2: Configure Business Central Server

You can configure the Business Central Server by using the Business Central Server Administration tool or Business Central Administration Shell.


Starting in Business Central 2022 release wave 2 (v21), the Business Central Server Administration tool is no longer available. Use the Business Central Administration Shell instead.

  1. Open the Business Central Server Administration tool.

  2. In the General tab, set the Credential Type to NavUserPassword.

  3. Restart the server instance.

For more information about the tool, see Business Central Server Administration Tool.

Task 3: Configure Business Central Web Server components

Configure the Business Central Web Server components to use NavUserPassword as the credential type.

  1. Open the navsettings.json for the Business Central Web Server in a text or code editor, such as Notepad or Visual Studio Code.

  2. Set the ClientServicesCredentialType key value to NavUserPassword.

    "ClientServicesCredentialType":  "NavUserPassword",
  3. Save the navsettings.json file

For more information, see Configure Configuring Business Central Web Server Instances.

Next steps

  1. Set up other Business Central users with a Business Central password, like you did in Task 1.
  2. (Optional) Set web service accounts as needed. For more information, see How to use an Access Key for SOAP and OData Web Service Authentication.

See Also

Authentication and Credential Types
Troubleshooting: SAML2 token errors with Microsoft Entra ID/Office 365 Authentication
Migrating to Multitenancy