2 Jun’17

D365 Business CentralSet up Single Sign-on in Dynamics NAV with Office 365 using Windows PowerShell


Single sign-on (SSO) in Dynamics NAV is a process which authenticates a user to access NAV Web client and NAV windows client using Office 365 email login credentials. When a new Office 365 subscription is provisioned, the Azure AD tenant for this subscription has to be created.


  1. Microsoft Azure Active Directory Module for Windows PowerShell
  2. Microsoft Online Services Sign-in Assistant
    You can download the setup of Microsoft Online Services Sign-in Assistant from here
  3. Microsoft Dynamics NAV 2017


In this article, I will be explaining the procedure to configure Single Sign-on in Dynamics NAV with the Office 365 login credentials of a user using Windows PowerShell.


  1. Go to Microsoft Dynamics NAV 2017 Administration and in the NAV instance enter the Certificate Thumbprint (the certificate can be either an SSL certificate or a self-signed certificate)

     Save the changes and restart your NAV instance.

  2. Go to mmc.exe and navigate to the certificate that is being used for Single sign-on. In mmc.exe, in Personal certificates section, in ‘Manage private keys’, add ‘NETWORK SERVICE’ as a user name and grant full control permissions to ‘NETWORK SERVICE’ user.
  3. In mmc.exe, along with Personal certificates section make sure the certificate is present in trusted root certification, Enterprise trust, Trusted publishers and Trusted people.
  4. Navigate to the user for which Single sign-on is being set up in NAV and under Office 365 Authentication enter the Office 365 email of the user. 

  5. Now run Microsoft Azure Active Directory Module for Windows PowerShell as administrator.
  6. Navigate to the Service folder to find NavAdminTool.ps1  module and run the following command in PowerShell to import the module
    Import-Module "C:\Program Files\Microsoft Dynamics NAV\100\Service\NavAdminTool.ps1"
  7. Navigate to the RoleTailoredClient folder to find ps1 module and run the following command in PowerShell to import the module.
    Import-Module "C:\Program Files (x86)\Microsoft Dynamics NAV\100\RoleTailored Client\NavModelTools.ps1"
  8. To import NAVOffice365Administration Module, navigate to the Microsoft Dynamics NAV DVD and then to NAVOffice365Administration. Run the following command in PowerShell to import NAVOffice365Administration.psm1.
    Import-Module "C:\Users\iotapadmin\Documents\CU 5 NAV 2017 W1\NAV.10.0.16177.W1.DVD\WindowsPowerShellScripts\NAVOffice365Administration\NAVOffice365Administration.psm1"
  9. To configure your Microsoft Dynamics NAV Server for single sign-on, you have to run the cmdlet  Set-NavSingleSignOnWithOffice365 in PowerShell with the following parameter set:
    Set-NavSingleSignOnWithOffice365 -AuthenticationEmail “YourAuthenticationEmail” -NavServerInstance “YourNAVServerInstance” -NavUser “YourNavUser” -NavWebAddress “YourNavWebClientAddress” -NavServerCertificateThumbprint "YourNAVServerCertificateThumbprint" -NavWebServerInstanceName “YourNavWebServerInstanceName

    After entering this command a pop up box shown as below appears with the Office 365 email ID given in the above command and you have to enter the password of the given Office 365 email ID:

    After entering the password, the below output will appear in PowerShell:

    Copy and save the URL that appears at the end in PowerShell as it will be required later.

  10. Navigate to the ClientUserSettings file of the user and change the following parameters:

    Change ClientServicesCredentialType parameter value from ‘Windows’ to ‘AccessControlService’.

    Change the ACSUri parameter value to the value of URL link generated after the PowerShell command runs which I have mentioned in step 8.

  11. The parameters of the web client web.config file have not to be modified manually. It is automatically modified after the PowerShell command script runs.
  12. After SSO is configured, when you start Dynamics NAV Windows client and Web client, you have to enter the credentials of the Office 365 email ID which is provided while running PowerShell script in step 8.

    Fig: Windows Client

    Fig: Web Client


Written by

Team Member


Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Want to streamline your business processes?

  • This field is for validation purposes and should be left unchanged.

Recent Articles

  • Reading more then 10K records in D3FOE OData API

    11 July’ 2018

    Introduction: We all know Dynamics 365 Finance and Operations has limitation of 10K records to be fetched at a time usi...

    Read more
  • Paging in D365 Customer Engagement v9.0

    10 July’ 2018

    Introduction: The Xrm.retrieveMultipleRecords method is used to retrieve a collection of records in Dynamics 365 Custom...

    Read more
  • Set up Dynamics 365 connection in Microsoft Social Engagement

    10 July’ 2018

    Introduction: This blog explains how to Set up Dynamics 365 connection in Microsoft Social Engagement. Steps to be follo...

    Read more
  • Voice of the Customer failed to install

    10 July’ 2018

    Introduction: Many people face issues in installing Voice of Customer solution on v9 environment and trying repeatedly ...

    Read more
  • Scribe Insight AX as a Web Service Find Block issue

    10 July’ 2018

    Introduction: If we need to look up for any value from AX then we do it by using a Find Block in Scribe Insight Eg: Basi...

    Read more