CREATE AZURE APP REGISTRATION

Please follow these steps to create the required App Registration in your Azure Tenant:

  1. Open the Azure Portal (portal.azure.com) and navigate to the “Microsoft Entra ID” page.
  2. From the Microsoft Entra ID page, open the “App Registrations” page. (Manage – App Registrations)
  3. Click on the “+ New Registration” to create a new App Registration
  4.  Give the App Registration a meaningful name and click on “Register” to create the registration. The name used to recognize it when using the Device Code Flow (Learn more) later on in Business Central.
  5. When the App Registration is completed, you’ll be guided to the overview page.
    At this point it’s already good to note down the following two fields:
    1. Application (client) ID
    2. Directory (tenant) ID
  6. Open the “Authentication” page (Manage – Authentication)
  7. Make sure the authentication is set to “Allow public client flows“. This will make sure that the Device Code Flow will work.
  8. Next, open the “API permissions” page (Manage – API permissions) and use the button “+ Add a permission” to add the permission user_impersonation from the Azure Service Management API.
  9. When the box for user_impersonation is ticked, click on “Add permissions
  10. We also need to add permissions for Business Central, so again use the button “+ Add a permission” to add permissions from the Dynamics 365 Business Central section
  11. Tick the boxes for permissions API.ReadWriteAll and Automation.ReadWriteAll and click on “Add permissions”.
  12. Next, open the “Certificates & Secrets” page (Manage – Certificates & Secrets) and use the button “+ New client secret” to create a new secret.
    This secret is used by the Azure Function running as subscriber to the IoT Hub to authenticate to your Business Central configuration as valid login for the Web service.
  13. Once you’ve added a new client secret, make sure to copy/paste or note down the generated secret value. This is the only time you’re able to see this secret. If you do not have it, you need to create a new secret.
  14. The last thing to do, is to click on “Grant admin consent for <user>” to finish the App Registration.

When the App Registration is later on used in Business Central from the 1Vision365 IoT Setup Wizard, it will show up like below when starting the authentication flow: