“External Azure Active Directory” users and Single-Sign-On in Dynamics 365 Business Central

If you are setting up Single-Sign-On (SSO) for Dynamics 365 Business Central (DBC) and you are only able to authenticate users local to the Azure Active Directory (i.e. non-Guest or “External Azure Active Directory” users), then you might have stumbled across the same error as me.

The error manifests itself by allowing you to log in using SSO, but just when the DBC webclient is supposed to open, you get this error:

Your user name or password is incorrect, or you do not have a valid account in Dynamics 365 Business Central.

The problem is that a user with that authentication e-mail IS in fact present in DBC – so the error makes no sense.

Also, you will sometimes get a warning in the Event Viewer that the SSO token was valid, but the user could not be found in DBC.

As mentioned, local domains work fine; it is only when you add external users and try to authenticate with them that it does not work:

User type: Guest
Source: External Azure Active Directory

I’ve seen this error in Microsoft Dynamics 365 Business Central 2018 fall release with cumulative update 1 and 2.

I’m aware that you – with PowerShell – can change a User type Guest to a User type Member. I tried it, but the result was the exact same. So “no cigar” for that solution.

After upgrading the platform to the latest Cumulative Update (which is 7 while I’m writing this), the error is completely gone. So there you have your fix :-).

Note: I’ve not tested all the CUs between 2 and 7 to figure out when it was fixed or if there is an entry in the fix list that mentions this – so if you have more knowledge about that, please share by adding a comment.
