Microsoft Dynamics 365 Business Central – OAuth Setup - Celigo Connection Tutorial

Since there were no in-depth tutorials available on the Celigo Community, I decided to share a complete and practical guide. OAuth setup for Microsoft 365 Business Central can be tricky, so I’ve documented the full process to help you connect M365 to Celigo more easily:

:page_facing_up: Provided by Teknuro.com
For questions or implementation support, contact: nuri@teknuro.com

:red_exclamation_mark:Background

Microsoft has deprecated the use of Web Service Access Keys for Business Central Online. Integrations must now use OAuth2.0.

This guide walks you through creating an OAuth App Registration in Azure Portal for use with Celigo integrator.io or other integration platforms.

:white_check_mark: Step-by-Step: Set up OAuth in Azure

1. Go to Azure Portal

Navigate to: https://portal.azure.com

2. Register a new application

  • Search for App registrations

  • Click New registration

  • Fill in:
    • Name: (e.g., Celigo Demo)
    • Supported account types: Choose as per your organization
  • Click Register

3. Configure Authentication

  • For redirect URI, enter:
    https://integrator.io/connection/oauth2callback
  • Click Configure

4. Set API Permissions

  • Go to API permissions
  • Click Add a permission

  • Choose Dynamics 365 Business Central****First:
    • Select Delegated permissions


  • Add required scopes (e.g., Financials.ReadWrite.All, etc.)

5. Create Client Secret

  • Go to Certificates & secrets
  • Click New client secret
  • Add description and expiry (e.g., 6 or 12 months)
  • Click Add


:paperclip: Example Output (For Reference Only)

Save the Client ID and Secret Value.

:warning: Store the Client Secret securely. You cannot retrieve it again later.
:warning: Creating a Business Central connection via OAuth still uses the Azure App Registration, which may grant higher privileges than intended if the app has broad permissions — bypassing user-level scope limitations.

Create Connection in Celigo

  • Go to Connections
  • Create Connection
  • Select Microsoft Dynamics 365 Business Central application and select for example API:

  • Enter your Microsoft Dynamics 365 Business Central environment.
    How to retrieve the environment name:
  1. Sign in to the Microsoft Dynamics 365 Business Central admin center.
  2. Click Environment .
  3. Copy the Environment Name

Name here is Production, so we fill in Production:

:white_check_mark:Now the connection should work and you will see a online connection:

If it is not working, you can also switch to the HTTP tab in the connection to be created:

As a base uri fill in: https://api.businesscentral.dynamics.com/v2.0/Production/api

(Production is your environment name here)

Then scroll down and select OAuth 2.0 as the Auth:

Click on the plus and create the iClient.
Here you will fill in a name and the client id and secret (which we generated in azure in the previous steps

Now click on Save & Authorize and it should work now:


:blue_book: Notes

  • This OAuth setup is required for all new integrations with Microsoft Dynamics 365 Business Central Online.
  • Use these credentials to authenticate in Celigo’s HTTP connector or prebuilt Business Central connector using OAuth 2.0.
6 Likes

@nuriensing You've been such a great part of the Celigo Connective community from its inception and this post is another great example of your awesome partnership. Thank you for taking the time to share your knowledge in such a detailed and thoughtful way! :clap:

1 Like

Thank you so much for the kind words, I truly appreciate it!

1 Like

Separately, I've sent this to @stephenbrandt and his docs team to improve our docs around this! As you can imagine, doing this for all 800 connections is a challenge so we appreciate the help!

1 Like

I just need to highlight one more part.

When creating a connection via Celigo > Microsoft 365 Business Central using OAuth 2.0, the process still opens a Microsoft consent screen — a pop-up that asks the user to grant permissions to the app.

Even if the OAuth app in Azure is configured with limited scopes (e.g., Financials.ReadWrite), the connection still results in full read/write access within Business Central. This behavior suggests that the actual access granted may exceed the scope requested, which is concerning.

Feel free to add insights about this.