This is the installation guide for the Authorization Box.
The Authorization Box communicates with your Dynamics environment via a web service and a secure relay mechanism.
For more details about architecture and security, see Security and Compliance.
To use the Authorization Box, first install two technical components. After that, start setting up your connection.
For the installation guide for the Compliance Apps (Field Security and/or Field Validation), see Getting Started in our separate wiki for our apps.
To communicate with the Authorization Box, a Dynamics web service and an Authorization Box Multi Connector need to be installed.
It is important that the connection user has the SUPER permission in Business Central as this user has to have permission to assign rights in Business Central.
For the Cloud version of Microsoft Dynamics 365 Business Central, there are no additional requirements.
For On-Premises installations of Microsoft Dynamics 365 Business Central, the following is required:
To install the required web services, installation of our extension Compliance Essentials is required.
For the Cloud version, install either one of the available Compliance extensions (Field Security, Field Validation or Inventory Reconciliation) and the Compliance Essentials will be automatically installed with those extensions.
For On-Premise installations, download the extension from our web portal and install it manually.
For detailed extension installation instructions, see Getting Started.
After the extension is installed, the following web services will be available in your environment.
(Codeunit 70077770, Object Name ‘2C ES ABWebService’ with Service Name ‘AB’)
When using a Dynamics NAV version, our 2-Controlware software (.FOB) can be downloaded from our web portal, to install the .FOB file.
Afterwards, manually create the following web service: Codeunit 11112022 ABWebservice.
Make sure the Service Name is “AB”.
On the server where the connector is being installed, the firewall needs to enable communication between:
When running Business Central in the Cloud, we can host the connector for you. In that case, skip this step.
For more information about hosting the connector by 2-Controlware, please contact sales@2-controlware.com .
On the server where the connector is being installed, run the installer setup.exe from the zip file authorizationbox-setup.zip.
The installer can be downloaded when logged in to the Authorization Box using the menu option Setup=>General.
In the fasttab Databases, use the button ‘Download Connector’.
A partner can download the file from our portal.
Select a different location for installation if required
Insert the security key received in the welcome mail from our backoffice. In case a security key has not been received yet, please contact support@2-controlware.com.
Confirm installation by clicking on Next
After the installation is finished, the following Windows Services are installed:
Make sure that also the service Authorization Box Multi Connector Update runs.
This service will automatically update the Authorization Box Multi Connector if needed.
Please test if h the Dynamics web service can be reached on the server where the connector is installed.
Test this by copying the SOAP URL from the page Web Services in Dynamics from the webservice “AB” (Codeunit 70077770) and paste this in a browser. After authentication a WSDL page should appear.
To access the Business Central web service, the following is required:
Open the Business Central environment and search for Microsoft Entra Applications (in older versions Azure Active Directory Applications).
Open the application card called “Integration with Authorization Box.”
This application is automatically installed when the extension Compliance Essentials is installed.
If for some reason the application card for Authorization Box can not be found or it got accidentally removed, add the application card manually.
Click on 'New' to add a new Microsoft Entra Application Card and create the card with the following data:
In case the Compliance Essentials extension can't be found, the Technical Installation above should be completed first.
The state of the application must be set to “Enabled”.
When the OAuth authentication is going to be used, click on the button Grant Consent and follow the wizard to give permission to the Authorization Box OAuth app [ important ! ].
When you have finished the wizard, the message should appear : “Consent was given successfully”.
When the technical installation and the configuration of Business Central are finished, start configuring Authorization Box by creating the first database connection.
Log in at https://login.2-controlware.com using the credentials provided in the registration email. The user name is the email address used to register with Authorization Box. In case an account is not yet available, please contact support@2-controlware.com .
When logging in for the first time, it is required to change the password. Next, click in the menu on Setup -> General and click on the fasttab "Databases"
The Authorization Box user that creates the connection will automatically have permissions for the newly created database connection.
For other Authorization Box users, permissions have to be granted for the new connection via their user card.
Access a user card using Setup -> General and click on the fasttab “Users”.
Next, click on a user name to access their user card.
When the connection URL of yhe existing database connection should change, it is important to first use ‘Save’ to save this URL.
This action should automatically connect to the database through the new URL.
Using the “Test connection" option after the URL change, will NOT save the new URL for the connection.
To authenticate with OAuth, there is some configuration required. See Configure Business Central above.
When using OAuth On-Prem authentication, it is necessary to set the ADOpenIdMetadataLocation parameter in the server instance.
(see https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-ad-openid-connect?tabs=singletenant%2Cadmintool#task-4-configure-)
Afterwards, to setup OAuth authentication in the Database Connection, follow these steps whilst setting up the database connection:
To maintain the connection, the token must be refreshed periodically. This is automatically handled by Authorization Box.
If a situation occurs that the token is no longer valid, this is usually because the password of the connection-user has changed or that changes have been made to the tenant settings.
In this case an email will be sent mentioning the token has to be refreshed.
The problem can be solved by clicking on the ‘Edit’ button in the General setup of the database and following the above steps again.
Changing the time zone and language of the currently active database can be set up under the User Settings.
Change the password to access the Authorization Box with the Settings option.
In the Setup menu select the "About the Authorization Box".
This screen shows the Version number, Database name used at time of login, the Server name and the Internal IP address of the Server.
Content of Setup / Administration :