This topic provides an overview of how to configure user authentication with SharePoint.

Configuring User Authentication for SharePoint Online and SharePoint On-Premises

SharePoint Online and SharePoint on-premises support different authentication methods. This means that depending on your SharePoint deployment, you must configure Microsoft Dynamics NAV differently. The configuration applies to the Microsoft Dynamics NAV Server instances, the user setup, and the Microsoft Dynamics NAV clients that users can use.

SharePoint Online

For SharePoint Online, the following Microsoft Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism

Microsoft Dynamics NAV Web client

AccessControlService

Microsoft Azure Active Directory (Azure AD)

Microsoft Dynamics NAV Windows client

AccessControlService

Azure AD added to an Access Control service (ACS) namespace.

Important
The Microsoft Dynamics NAV Windows client is currently not supported if the Microsoft Dynamics NAV deployment must be accessed by more than on Azure AD tenant.

SharePoint On-Premise

When you want to deploy apps to SharePoint on-premises, you must configure the SharePoint sites first. For more information, see Configure an environment for apps for SharePoint and Plan for apps for SharePoint 2013 on TechNet.

For SharePoint on-premises that must be accessible from the internet so that SharePoint and Microsoft Dynamics NAV are publicly accessible, the following Microsoft Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism

Microsoft Dynamics NAV Web client

AccessControlService

Azure AD

-Or-

Azure AD added to an Access Control service (ACS) namespace.

Microsoft Dynamics NAV Windows client

AccessControlService

Azure AD added to an Access Control service (ACS) namespace.

Important
If you use Azure AD as the authentication mechanism, your app for SharePoint must open the Microsoft Dynamics NAV Web client in full screen mode in SharePoint on-premises deployments. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint.

For SharePoint on-premises that must be accessible from an intranet so that SharePoint and Microsoft Dynamics NAV are accessed only on-premises, the following Microsoft Dynamics NAV configurations are available:

Client Type Microsoft Dynamics NAV Server Credential Type Authentication Mechanism

Microsoft Dynamics NAV Web client

Windows

-Or-

AccessControlService

Windows authentication

-Or-

Azure AD

Microsoft Dynamics NAV Windows client

Windows

Windows authentication

Note
The security zones that the security mechanisms in Internet Explorer rely on can lead to unexpected behavior when users access the Microsoft Dynamics NAV Web client from SharePoint. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint.

Configuring Single Sign-on

As part of a SharePoint Online subscription, you also get an Azure AD tenant. The Azure AD tenant handles user authentication when users sign in to SharePoint Online. To enable a seamless integration between SharePoint Online and Microsoft Dynamics NAV, you must configure Microsoft Dynamics NAV to authenticate users against the same Azure AD tenant. This will enable single sign-on between the two applications, so that users will only have to sign in once. Also, Microsoft Dynamics NAV web parts that are embedded on SharePoint pages will work. You can work with Azure AD management in the Azure management portal, or you can use Azure AD Module for Windows PowerShell cmdlets. For more information, see Authenticating Users with Azure Active Directory.

For more information about how to achieve single sign-on between Microsoft Dynamics NAV and SharePoint based on Azure AD, see Authenticating Users with Azure Active Directory.

See Also