Access and Configure Service-to-Service Authentication in Shop Floor Insight

You are here:

Ensure you have the following service-to-service authentication prerequisites:

  • Be using Business Central SaaS, minimum of 19.5
  • Be using Azure Active Directory for authentication
  • Have a minimum Shop Floor Insight 7.9 for the app file.
  • Be using a minimum of the March-21-2022 update for 7.9 for the html/js service tier.
  • Part of these steps must be done with a customer account that has sufficient permission to grant applications access to their BC SaaS instance (usually not your remote access account).

Grant access

  1. Navigate to Azure Active Directory Applications in Business Central (part of standard Business Central).
  1. Complete one of the following:
    1. Entry exists: Select Edit.
    2. Entry does not exist: Select New and create an entry.
  2. Input or modify the following for the new entry:
    1. Client ID: 66d9a62b-ddb9-4855-9ed3-361a0515ed2e
    2. Description: Shop Floor Insight
    3. State: Enabled
    4. User Permission Sets: Ensure SFI-SERVICE and IWORKS COMMON are used and sufficient permissions (defined in the Kickoff guide Excel sheet) are set to perform the required Shop Floor Insight tasks. (e.g., for using jobs, give permissions for jobs; for fixed assets, give permissions for fixed assets; for production orders, give permissions for what they plan on using with production orders).
  1. Select Grant Consent.
  1. Select Accept on the pop up to give Shop Floor Insight access to the following resources:
    • Access as the signed-in user
    • Access Dynamics 365 Business Central as the signed-in user
    • Full access to web services API
    • Access according to the application’s permissions in Dynamics 365 Business Central
    • Sign in and read user profile
  2. Select OK.

If you see a permission error, the account you are using does not have permission to grant consent. Repeat the Grant Access steps again with an account that has permission to grant consent.

Configure the service

The installer is the one configurating the service. Configure the service must be done after access is granted; see the Grant Access steps.

Complete the following for each service instance you need to configure:

  1. Locate and edit your IW.TimeCollectionModule.Service.exe.config file.
  2. Set clientCredentialType to None under transport.
  3. Locate and set DynamicsNavWebServiceAuthenticationMode to OAuthS2SClientCredentials.
  4. Locate and set OAuthTenant setting to the OAuthTenant GUID.

  1. Complete the installation once you have finished Grant access and Configure the service.
Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Need help?

Leave A Comment

Go to Top