Configuration of an App Registration in Azure

Complete the following steps to create an App Registration for Document Central. Document Central requires an App Registration to use all of its available features.

Info

To perform this setup, the Administrator account must exist in both Business Central and the Azure Portal, as only administrators have the necessary permissions.

Business Central (On-Premise)

Creating the App Registration automatically from Business Central On-Premise is not feasible. Therefore, the creation of the App Registration needs to be done manually through the Azure Portal.

Creating the Azure App Registration in Azure Portal

The following steps will guide you on how to create a new App Registration for Document Central in Azure Portal.

  1. Log in to the Azure Portal.
  2. Click on the Azure Active Directory icon in the left-hand navigation menu.
  3. In the Azure Active Directory menu, click on App Registrations.
  4. Click the New registration button.
  5. Enter the name Document Central in the Name field.
  6. Choose the appropriate Supported account types option for the app registration.
  7. Enter the appropriate Redirect URI for your app registration. This is the URI that Azure AD redirects the user to after authentication. Set the platform to Web and write the URI in the following format: https://<external Business Central address>/BC/OAuthLanding.htm.
  8. Click the Register button to create the app registration.
  9. On the app registration page, note the Application (client) ID and Directory (tenant) ID. These are the unique identifiers for your app registration that you will need when configuring Document Central in Business Central.
  10. Under the Certificates & secrets tab, click New client secret to create a new secret that will be used to authenticate your app with Azure AD.
  11. Enter a description for the secret, select an expiration date, and click Add.
  12. Note the generated secret value, as it is displayed only once and cannot be retrieved later. The secret value is needed to configure Document Central in Business Central.
  13. Under the API permissions tab, click Add a permission and add the following permissions.

    | Permission group | API / Permission name | Type | Description |
    | --- | --- | --- | --- |
    | Azure Service Management | user_impersonation | Delegated | Access Azure Service Management as organization users |
    | Microsoft Graph | offline_access | Delegated | Maintain access to data you have given it access to |
    | Microsoft Graph | User.Read | Delegated | Sign in and read user profile |
    | Microsoft Graph | User.Read.All | Application | Read all users' profiles |
    | Microsoft Graph | Sites.ReadWrite.All | Application | Read and write items in all site collections |
    | Microsoft Graph | GroupMember.ReadWrite.All | Application | Read and write all group memberships |
    | SharePoint | AllSites.FullControl | Delegated | Have full control of all site collections |
    | SharePoint | AllSites.Read | Delegated | Read items in all site collections |
    | SharePoint | Sites.FullControl.All | Application | Have full control of all site collections |
    | SharePoint | Sites.ReadWrite.All | Application | Read and write items in all site collections |

  14. Click the Grant admin consent button to grant admin consent for the permissions.
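
A check that can follow this procedure, as an added example that is not part of Document Central or its documentation: it compares the permissions present on the app registration with the table in step 13 and checks a redirect URI against the format in step 7. The input rows are assumed to be transcribed from the API permissions tab; the function names, the host `bc.example.com` and the sample data are constructed for illustration.

```python
from urllib.parse import urlsplit

# Permission set copied from the table in step 13: (API, permission) -> type.
BASELINE = {
    ("Azure Service Management", "user_impersonation"): "Delegated",
    ("Microsoft Graph", "offline_access"): "Delegated",
    ("Microsoft Graph", "User.Read"): "Delegated",
    ("Microsoft Graph", "User.Read.All"): "Application",
    ("Microsoft Graph", "Sites.ReadWrite.All"): "Application",
    ("Microsoft Graph", "GroupMember.ReadWrite.All"): "Application",
    ("SharePoint", "AllSites.FullControl"): "Delegated",
    ("SharePoint", "AllSites.Read"): "Delegated",
    ("SharePoint", "Sites.FullControl.All"): "Application",
    ("SharePoint", "Sites.ReadWrite.All"): "Application",
}

def audit_permissions(granted):
    """Compare (api, name, type) rows from the API permissions tab with BASELINE."""
    seen = {(api, name): ptype for api, name, ptype in granted}
    return {
        "missing": sorted(k for k in BASELINE if k not in seen),
        "unexpected": sorted(k for k in seen if k not in BASELINE),
        "wrong_type": sorted(k for k, t in seen.items() if BASELINE.get(k, t) != t),
        # Application permissions act without a signed-in user, across the tenant.
        "app_only": sorted(k for k, t in seen.items() if t == "Application"),
    }

def redirect_uri_problems(uri):
    """Check a redirect URI against the format given in step 7."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname or "*" in parts.netloc:
        problems.append("host missing or wildcard")
    if not parts.path.endswith("/OAuthLanding.htm"):
        problems.append("path does not end in /OAuthLanding.htm")
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems

# Constructed sample: one documented permission missing, one extra, one wrong type.
SAMPLE = [(a, n, "Application" if n == "User.Read" else t)
          for (a, n), t in BASELINE.items() if n != "AllSites.Read"]
SAMPLE.append(("Microsoft Graph", "Mail.Read", "Application"))

if __name__ == "__main__":
    print(audit_permissions(SAMPLE))
    print(redirect_uri_problems("http://bc.example.com/BC/OAuthLanding.htm"))
```

Any entry under `unexpected` or `wrong_type` means the registration has drifted from the documented set and should be reviewed before admin consent is granted again.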

Creating Certificate

Creating a Client Certificate allows Document Central to authenticate to SharePoint without the need to impersonate the user. This also avoids the problem of the token expiring, which can happen when working with a user context. The use of a Client Certificate is optional. However, if you want to use a Client Certificate to authenticate to SharePoint, the following steps will guide you on how to create a Client Certificate for Document Central.

  1. Navigate to Certificates and follow the steps to create a Client Certificate. Both the .pfx file and the .cer file are needed. Note the password of the .pfx file, as it is needed to configure Document Central in Business Central.
  2. Navigate to the created Azure App Registration for Document Central.
  3. Under the Certificates & secrets tab, click the Certificates tab.
  4. Click Upload certificate, then upload the .cer file and enter a description.
  5. Click on Add to save the certificate.
  6. The .pfx file will be uploaded in the Document Central configuration.

Adding role to a Subscription

The Document Central app must be assigned a role in a subscription so that it can create and configure a storage account for Azure Blob Storage. If Document Central does not use Azure Blob Storage in the subscription, this step can be skipped.

Info

The role assignment can only be done by an administrator account.

  1. Log in to the Azure Portal.
  2. Search for Subscriptions using the search bar.
  3. If you have multiple subscriptions, select the one intended for Azure Blob Storage since a storage account must have a subscription.
  4. Go to the Access control (IAM) tab and click on the Role assignment tab.
  5. Click the Add button and select Add role assignment.
  6. Under the Role tab, choose the Contributor role and click Next.
  7. Click the Select members button under the Members tab, then add Document Central.
  8. Click on Review + assign to complete the role assignment process.

Entering the Azure App Registration information in Business Central

The following steps will guide you on how to configure the App Registration for Document Central through the App Registration Wizard.

  1. Navigate to Document Central - Module Setup.
  2. Click on the Configure App Registration action in the Document Central - Module Setup to proceed.
  3. An App Registration Wizard will appear. Click on Begin to start the configuration.
  4. To continue this step, it is necessary to already have an App Registration prepared for Document Central. If you have not created an App Registration for Document Central, please refer to the Creating the Azure App Registration in Azure Portal section.
  5. Fill the App Registration Name, Client ID, Client Secret, Tenant ID, and Redirect URL fields.
  6. Once all fields are filled correctly, click on Next to proceed with the configuration.
  7. The Client Certificate configuration page is shown. This step is optional: to skip it, click Next and continue with step 10. However, if you want to use a Client Certificate to authenticate to SharePoint, a Certificate needs to be prepared.
  8. Click on the Certificate Key field to open a pop-up which allows you to select the .pfx file that was created in the Creating Certificate step.
  9. Enter the password of the .pfx file in the Certificate Key Password field, and click on Next to proceed with the configuration.
  10. Upon clicking Finish, the changes will be applied to the App Registration settings in Document Central.

Warning

  • If the App Registration is not configured correctly, Document Central will not be able to function properly in some areas.
  • The existing App Registration will be overwritten upon finishing the App Registration Wizard.
