Set up Single Sign-on in Dynamics NAV with Office 365 using Windows PowerShell

Posted On June 2, 2017 by Admin Posted in 

Microsoft Dynamics Nav integration is a default integration setup for Dynamics Nav that gives an option to integrate and use Microsoft Dynamics CRM entities with itself. The only thing that needs to be done for the integration is to enable the default integration setup after which you are good to go. After the successful integration, the user is able to integrate accounts, contacts, products, user, transaction currency, Sales Order which are synchronise data of Microsoft Dynamics CRM with the customers, contacts, items, Salesperson, Currency, Sales Order and Unit of measure which are the entities of Microsoft Dynamics Nav.

This integration or linking of the records eases the process on many levels giving the customer a hassle free transaction and complex free system


Single sign-on (SSO) in Dynamics NAV is a process which authenticates a user to access NAV Web client and NAV windows client using Office 365 email login credentials. When a new Office 365 subscription is provisioned, the Azure AD tenant for this subscription has to be created.


  1. Microsoft Azure Active Directory Module for Windows PowerShell
  2. Microsoft Online Services Sign-in Assistant
    You can download the setup of Microsoft Online Services Sign-in Assistant from here
  3. Microsoft Dynamics NAV 2017


In this article, I will be explaining the procedure to configure Single Sign-on in Dynamics NAV with the Office 365 login credentials of a user using Windows PowerShell.


  1. Go to Microsoft Dynamics NAV 2017 Administration and in the NAV instance enter the Certificate Thumbprint (the certificate can be either an SSL certificate or a self-signed certificate) Save the changes and restart your NAV instance.
  2. Go to mmc.exe and navigate to the certificate that is being used for Single sign-on. In mmc.exe, in Personal certificates section, in ‘Manage private keys’, add ‘NETWORK SERVICE’ as a user name and grant full control permissions to ‘NETWORK SERVICE’ user.
  3. In mmc.exe, along with Personal certificates section make sure the certificate is present in trusted root certification, Enterprise trust, Trusted publishers and Trusted people.
  4. Navigate to the user for which Single sign-on is being set up in NAV and under Office 365 Authentication enter the Office 365 email of the user. 
  5. Now run Microsoft Azure Active Directory Module for Windows PowerShell as administrator.
  6. Navigate to the Service folder to find NavAdminTool.ps1  module and run the following command in PowerShell to import the module
    Import-Module "C:\Program Files\Microsoft Dynamics NAV\100\Service\NavAdminTool.ps1"
  7. Navigate to the RoleTailoredClient folder to find ps1 module and run the following command in PowerShell to import the module.
    Import-Module "C:\Program Files (x86)\Microsoft Dynamics NAV\100\RoleTailored Client\NavModelTools.ps1"
  8. To import NAVOffice365Administration Module, navigate to the Microsoft Dynamics NAV DVD and then to NAVOffice365Administration. Run the following command in PowerShell to import NAVOffice365Administration.psm1.
    Import-Module "C:\Users\iotapadmin\Documents\CU 5 NAV 2017 W1\NAV.10.0.16177.W1.DVD\WindowsPowerShellScripts\NAVOffice365Administration\NAVOffice365Administration.psm1"
  9. To configure your Microsoft Dynamics NAV Server for single sign-on, you have to run the cmdlet  Set-NavSingleSignOnWithOffice365 in PowerShell with the following parameter set:
    Set-NavSingleSignOnWithOffice365 -AuthenticationEmail “YourAuthenticationEmail” -NavServerInstance “YourNAVServerInstance” -NavUser “YourNavUser” -NavWebAddress “YourNavWebClientAddress” -NavServerCertificateThumbprint "YourNAVServerCertificateThumbprint" -NavWebServerInstanceName “YourNavWebServerInstanceName

    After entering this command a pop up box shown as below appears with the Office 365 email ID given in the above command and you have to enter the password of the given Office 365 email ID:

    After entering the password, the below output will appear in PowerShell:

    Copy and save the URL that appears at the end in PowerShell as it will be required later.

  10. Navigate to the ClientUserSettings file of the user and change the following parameters:Change ClientServicesCredentialType parameter value from ‘Windows’ to ‘AccessControlService’.

    Change the ACSUri parameter value to the value of URL link generated after the PowerShell command runs which I have mentioned in step 8.

  11. The parameters of the web client web.config file have not to be modified manually. It is automatically modified after the PowerShell command script runs.
  12. After SSO is configured, when you start Dynamics NAV Windows client and Web client, you have to enter the credentials of the Office 365 email ID which is provided while running PowerShell script in step 8.

    Fig: Windows Client

    Fig: Web Client

Share Story :