This topic provides an overview of how to configure user authentication with SharePoint.
Configuring User Authentication for SharePoint Online and SharePoint On-Premises
SharePoint Online and SharePoint on-premises support different authentication methods. This means that depending on your SharePoint deployment, you must configure Microsoft Dynamics NAV differently. The configuration applies to the Microsoft Dynamics NAV Server instances, the user setup, and the Microsoft Dynamics NAV clients that users can use.
SharePoint Online
For SharePoint Online, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism | ||
|---|---|---|---|---|
Microsoft Dynamics NAV Web client | AccessControlService | Microsoft Azure Active Directory | ||
Microsoft Dynamics NAV Windows client | AccessControlService | Microsoft Azure Active Directory added to an Access Control Service (ACS) namespace.
|
SharePoint On-Premise
When you want to deploy apps to SharePoint on-premises, you must configure the SharePoint sites first. For more information, see Configure an environment for apps for SharePoint and Plan for apps for SharePoint 2013 on TechNet.
For SharePoint on-premises that must be accessible from the internet so that SharePoint and Microsoft Dynamics NAV are publicly accessible, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism |
|---|---|---|
Microsoft Dynamics NAV Web client | AccessControlService | Microsoft Azure Active Directory -Or- Microsoft Azure Active Directory added to an Access Control Service (ACS) namespace. |
Microsoft Dynamics NAV Windows client | AccessControlService | Microsoft Azure Active Directory added to an Access Control Service (ACS) namespace. |
 Important |
|---|
| If you use Microsoft Azure Active Directory as the authentication mechanism, your app for SharePoint must open the Microsoft Dynamics NAV Web client in full screen mode in SharePoint on-premises deployments. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint. |
For SharePoint on-premises that must be accessible from an intranet so that SharePoint and Microsoft Dynamics NAV are accessed only on-premises, the following Microsoft Dynamics NAV configurations are available:
| Client Type | Microsoft Dynamics NAV Server Credential Type | Authentication Mechanism |
|---|---|---|
Microsoft Dynamics NAV Web client | Windows -Or- AccessControlService | Windows authentication -Or- Microsoft Azure Active Directory |
Microsoft Dynamics NAV Windows client | Windows | Windows authentication |
 Note |
|---|
| The security zones that the security mechanisms in Internet Explorer rely on can lead to unexpected behavior when users access the Microsoft Dynamics NAV Web client from SharePoint. For more information, see Troubleshooting: Microsoft Dynamics NAV and SharePoint. |
Configuring Single Sign-on
As part of a SharePoint Online subscription, you also get a Microsoft Azure Active Directory (Microsoft Azure AD) tenant. The Microsoft Azure AD tenant handles user authentication when users sign in to SharePoint Online. To enable a seamless integration between SharePoint Online and Microsoft Dynamics NAV, you must configure Microsoft Dynamics NAV to authenticate users against the same Microsoft Azure AD tenant. This will enable single sign-on between the two applications, so that users will only have to sign in once. Also, Microsoft Dynamics NAV web parts that are embedded on SharePoint pages will work. You can work with Microsoft Azure AD management in the Microsoft Azure Management Portal, or you can use Microsoft Azure Active Directory Module for Windows PowerShell cmdlets. For more information, see Authenticating Users with Windows Azure Active Directory.
For more information about how to achieve single sign-on between Microsoft Dynamics NAV and SharePoint based on Microsoft Azure Active Directory, see Authenticating Users with Windows Azure Active Directory.