Microsoft Dynamics 365 Business Central – OAuth Setup - Celigo Connection Tutorial

Integrator.io
1

Since there were no in-depth tutorials available on the Celigo Community, I decided to share a complete and practical guide. OAuth setup for Microsoft 365 Business Central can be tricky, so I’ve documented the full process to help you connect M365 to Celigo more easily:

:page_facing_up: Provided by Teknuro.com
For questions or implementation support, contact: nuri@teknuro.com

:red_exclamation_mark:Background

Microsoft has deprecated the use of Web Service Access Keys for Business Central Online. Integrations must now use OAuth2.0.

This guide walks you through creating an OAuth App Registration in Azure Portal for use with Celigo integrator.io or other integration platforms.

:white_check_mark: Step-by-Step: Set up OAuth in Azure

1. Go to Azure Portal

Navigate to: https://portal.azure.com

2. Register a new application

  • Search for App registrations

This image shows the Microsoft Azure portal homepage with a search bar being used to find 'app registration,' displaying related services and documentation. (Captioned by AI)
This image shows the Microsoft Azure portal homepage with a search bar being used to find 'app registration,' displaying related services and documentation. (Captioned by AI)1920×952 99.7 KB

  • Click New registration

The image shows the Microsoft Azure App registrations page with options for new registration, endpoints, and troubleshooting. (Captioned by AI)
The image shows the Microsoft Azure App registrations page with options for new registration, endpoints, and troubleshooting. (Captioned by AI)2344×1178 212 KB

  • Fill in:
    • Name: (e.g., Celigo Demo)
    • Supported account types: Choose as per your organization
  • Click Register

The image shows a Microsoft Azure interface for registering an application, with fields for entering an application name and selecting supported account types. (Captioned by AI)
The image shows a Microsoft Azure interface for registering an application, with fields for entering an application name and selecting supported account types. (Captioned by AI)2540×1898 326 KB

3. Configure Authentication

The image shows a configuration panel for application authentication, highlighting options for web and mobile platforms with a red arrow pointing to the 'Mobile and desktop applications' section on the right. (Captioned by AI)
The image shows a configuration panel for application authentication, highlighting options for web and mobile platforms with a red arrow pointing to the 'Mobile and desktop applications' section on the right. (Captioned by AI)2860×1474 465 KB

  • For redirect URI, enter:
    https://integrator.io/connection/oauth2callback
  • Click Configure

The image shows a web configuration page with a focus on setting up redirect URIs and options for implicit grant and hybrid flows. (Captioned by AI)
The image shows a web configuration page with a focus on setting up redirect URIs and options for implicit grant and hybrid flows. (Captioned by AI)1144×1432 121 KB

4. Set API Permissions

  • Go to API permissions
  • Click Add a permission

The image shows the API permissions page of a demo application where a new permission can be added and admin consent is being granted. (Captioned by AI)
The image shows the API permissions page of a demo application where a new permission can be added and admin consent is being granted. (Captioned by AI)2634×1450 343 KB

  • Choose Dynamics 365 Business Central****First:
    • Select Delegated permissions

The image shows a split-screen view of API permissions settings, highlighting 'Dynamics 365 Business Central' for programmatic access to data and functionality. (Captioned by AI)
The image shows a split-screen view of API permissions settings, highlighting 'Dynamics 365 Business Central' for programmatic access to data and functionality. (Captioned by AI)2820×1298 465 KB

The image shows a screen requesting API permissions for Dynamics 365 Business Central, highlighting 'Delegated permissions' where the application needs access as the signed-in user. (Captioned by AI)
The image shows a screen requesting API permissions for Dynamics 365 Business Central, highlighting 'Delegated permissions' where the application needs access as the signed-in user. (Captioned by AI)1190×970 56.7 KB

  • Add required scopes (e.g., Financials.ReadWrite.All, etc.)

The image shows a request for API permissions in Dynamics 365 Business Central, highlighting options for delegated and application permissions, including user impersonation and financials access. (Captioned by AI)
The image shows a request for API permissions in Dynamics 365 Business Central, highlighting options for delegated and application permissions, including user impersonation and financials access. (Captioned by AI)1720×1744 274 KB

The image shows a permission management screen for Dynamics 365 and Microsoft Graph APIs, highlighting admin consent requests. (Captioned by AI)
The image shows a permission management screen for Dynamics 365 and Microsoft Graph APIs, highlighting admin consent requests. (Captioned by AI)2170×1540 362 KB

The image shows the API permissions page for Celigo Demo, detailing a list of configured permissions with their statuses, all granted for Teknuro B.V. (Captioned by AI)
The image shows the API permissions page for Celigo Demo, detailing a list of configured permissions with their statuses, all granted for Teknuro B.V. (Captioned by AI)1920×1071 136 KB

5. Create Client Secret

  • Go to Certificates & secrets
  • Click New client secret
  • Add description and expiry (e.g., 6 or 12 months)
  • Click Add

The image shows a software interface for managing 'Certificates & secrets,' highlighting the option to create a new client secret in the 'Celigo Demo' application. (Captioned by AI)
The image shows a software interface for managing 'Certificates & secrets,' highlighting the option to create a new client secret in the 'Celigo Demo' application. (Captioned by AI)1666×1126 120 KB

The image shows a web interface for adding a client secret with fields for description and expiration date options. (Captioned by AI)
The image shows a web interface for adding a client secret with fields for description and expiration date options. (Captioned by AI)2930×1886 318 KB

:paperclip: Example Output (For Reference Only)

The image shows a Celigo Demo page displaying certificates and secrets information, including a client secret named 'Celigo ClientSecret' set to expire on 31/12/2025, within a software interface. (Captioned by AI)
The image shows a Celigo Demo page displaying certificates and secrets information, including a client secret named 'Celigo ClientSecret' set to expire on 31/12/2025, within a software interface. (Captioned by AI)2660×1230 294 KB

Save the Client ID and Secret Value.

:warning: Store the Client Secret securely. You cannot retrieve it again later.
:warning: Creating a Business Central connection via OAuth still uses the Azure App Registration, which may grant higher privileges than intended if the app has broad permissions — bypassing user-level scope limitations.

Create Connection in Celigo

  • Go to Connections
  • Create Connection
  • Select Microsoft Dynamics 365 Business Central application and select for example API:

The image shows a setup screen for creating a connection in Microsoft Dynamics 365 Business Central with options for API, OData, and S2S. (Captioned by AI)
The image shows a setup screen for creating a connection in Microsoft Dynamics 365 Business Central with options for API, OData, and S2S. (Captioned by AI)1718×1278 219 KB

  • Enter your Microsoft Dynamics 365 Business Central environment.
    How to retrieve the environment name:
  1. Sign in to the Microsoft Dynamics 365 Business Central admin center.
  2. Click Environment .
  3. Copy the Environment Name

The image shows a screenshot of the Dynamics 365 Business Central interface with a settings menu open on the right side. (Captioned by AI)
The image shows a screenshot of the Dynamics 365 Business Central interface with a settings menu open on the right side. (Captioned by AI)3316×1136 276 KB

A screenshot of the Dynamics 365 Business Central admin center showing the dashboard with environment details and a message indicating one unread message in the message center. (Captioned by AI)
A screenshot of the Dynamics 365 Business Central admin center showing the dashboard with environment details and a message indicating one unread message in the message center. (Captioned by AI)2530×1072 195 KB

Name here is Production, so we fill in Production:

The image shows a configuration screen for creating a new connection in Microsoft Dynamics 365 Business Central, with options for API, OData, and S2S API types, and an environment name set to 'Production.' (Captioned by AI)
The image shows a configuration screen for creating a new connection in Microsoft Dynamics 365 Business Central, with options for API, OData, and S2S API types, and an environment name set to 'Production.' (Captioned by AI)1222×1134 75 KB

The image shows a screenshot of a 'Create connection' form with fields for naming the connection, selecting an API type, and specifying the environment name, highlighted with red boxes and arrows pointing to a 'Save & authorize' button. (Captioned by AI)
The image shows a screenshot of a 'Create connection' form with fields for naming the connection, selecting an API type, and specifying the environment name, highlighted with red boxes and arrows pointing to a 'Save & authorize' button. (Captioned by AI)1194×1872 186 KB

:white_check_mark:Now the connection should work and you will see a online connection:

If it is not working, you can also switch to the HTTP tab in the connection to be created:

The image shows a user interface for creating a new connection, with options to select the connection type and name it 'Test Celigo 2', and an arrow pointing to the HTTP tab. (Captioned by AI)
The image shows a user interface for creating a new connection, with options to select the connection type and name it 'Test Celigo 2', and an arrow pointing to the HTTP tab. (Captioned by AI)1304×1122 69.8 KB

As a base uri fill in: https://api.businesscentral.dynamics.com/v2.0/Production/api

(Production is your environment name here)

The image displays a configuration screen for creating an HTTP connection to Microsoft Dynamics 365 Business Central, featuring fields for connection name, application, mode, base URI, and HTTP headers. (Captioned by AI)
The image displays a configuration screen for creating an HTTP connection to Microsoft Dynamics 365 Business Central, featuring fields for connection name, application, mode, base URI, and HTTP headers. (Captioned by AI)1356×1712 207 KB

Then scroll down and select OAuth 2.0 as the Auth:

The image shows a configuration screen for setting up OAuth 2.0 authentication with an option to select an OAuth 2.0 client and define scope. (Captioned by AI)
The image shows a configuration screen for setting up OAuth 2.0 authentication with an option to select an OAuth 2.0 client and define scope. (Captioned by AI)1520×810 37.2 KB

Click on the plus and create the iClient.
Here you will fill in a name and the client id and secret (which we generated in azure in the previous steps

The image shows a form interface for creating an iClient with fields for name, client ID, and client secret, and the options to save. (Captioned by AI)
The image shows a form interface for creating an iClient with fields for name, client ID, and client secret, and the options to save. (Captioned by AI)1120×1914 111 KB

Now click on Save & Authorize and it should work now:

The image displays a software configuration window for OAuth 2.0 authentication, with "Celigo Demo" set as the OAuth 2.0 client and a "Save & authorize" button highlighted. (Captioned by AI)
The image displays a software configuration window for OAuth 2.0 authentication, with "Celigo Demo" set as the OAuth 2.0 client and a "Save & authorize" button highlighted. (Captioned by AI)1002×1720 89.5 KB

:blue_book: Notes

  • This OAuth setup is required for all new integrations with Microsoft Dynamics 365 Business Central Online.
  • Use these credentials to authenticate in Celigo’s HTTP connector or prebuilt Business Central connector using OAuth 2.0.
6 Likes
2

@nuriensing You've been such a great part of the Celigo Connective community from its inception and this post is another great example of your awesome partnership. Thank you for taking the time to share your knowledge in such a detailed and thoughtful way! :clap:

1 Like
3

Thank you so much for the kind words, I truly appreciate it!

1 Like
4

Separately, I've sent this to @stephenbrandt and his docs team to improve our docs around this! As you can imagine, doing this for all 800 connections is a challenge so we appreciate the help!

1 Like
5

I just need to highlight one more part.

When creating a connection via Celigo > Microsoft 365 Business Central using OAuth 2.0, the process still opens a Microsoft consent screen — a pop-up that asks the user to grant permissions to the app.

Even if the OAuth app in Azure is configured with limited scopes (e.g., Financials.ReadWrite), the connection still results in full read/write access within Business Central. This behavior suggests that the actual access granted may exceed the scope requested, which is concerning.

Feel free to add insights about this.