This topic provides an overview of how to configure user authentication with SharePoint.
Configuring User Authentication for SharePoint Online and SharePoint On-Premises
SharePoint Online and SharePoint on-premises support different authentication methods. This means that depending on your SharePoint deployment, you must configure Microsoft Dynamics NAV differently. The configuration applies to the Microsoft Dynamics NAV Server instances, the user setup, and the Microsoft Dynamics NAV clients that users can use.
SharePoint Online
For SharePoint Online, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism | ||
|---|---|---|---|---|
Microsoft Dynamics NAV Web client | AccessControlService | Microsoft Azure Active Directory (Azure AD) | ||
Microsoft Dynamics NAV Windows client | AccessControlService | Azure AD added to an Access Control service (ACS) namespace.
|
SharePoint On-Premise
When you want to deploy apps to SharePoint on-premises, you must configure the SharePoint sites first. For more information, see Configure an environment for apps for SharePoint and Plan for apps for SharePoint 2013 on TechNet.
For SharePoint on-premises that must be accessible from the internet so that SharePoint and Microsoft Dynamics NAV are publicly accessible, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism |
|---|---|---|
Microsoft Dynamics NAV Web client | AccessControlService | Azure AD -Or- Azure AD added to an Access Control service (ACS) namespace. |
Microsoft Dynamics NAV Windows client | AccessControlService | Azure AD added to an Access Control service (ACS) namespace. |
 Important |
|---|
| If you use Azure AD as the authentication mechanism, your app for SharePoint must open the Microsoft Dynamics NAV Web client in full screen mode in SharePoint on-premises deployments. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint. |
For SharePoint on-premises that must be accessible from an intranet so that SharePoint and Microsoft Dynamics NAV are accessed only on-premises, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism |
|---|---|---|
Microsoft Dynamics NAV Web client | Windows -Or- AccessControlService | Windows authentication -Or- Azure AD |
Microsoft Dynamics NAV Windows client | Windows | Windows authentication |
 Note |
|---|
| The security zones that the security mechanisms in Internet Explorer rely on can lead to unexpected behavior when users access the Microsoft Dynamics NAV Web client from SharePoint. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint. |
Configuring Single Sign-on
As part of a SharePoint Online subscription, you also get an Azure AD tenant. The Azure AD tenant handles user authentication when users sign in to SharePoint Online. To enable a seamless integration between SharePoint Online and Microsoft Dynamics NAV, you must configure Microsoft Dynamics NAV to authenticate users against the same Azure AD tenant. This will enable single sign-on between the two applications, so that users will only have to sign in once. Also, Microsoft Dynamics NAV web parts that are embedded on SharePoint pages will work. You can work with Azure AD management in the Azure management portal, or you can use Azure AD Module for Windows PowerShell cmdlets. For more information, see Authenticating Users with Azure Active Directory.
For more information about how to achieve single sign-on between Microsoft Dynamics NAV and SharePoint based on Azure AD, see Authenticating Users with Azure Active Directory.