Installation
Installation Guide Authorization Box on Azure
To be able to use the Authorization Box and connect it to your Dynamics NAV/365 Business Central environment, you have to install the Authorization Box Multi Connector. This service is required for (secure) communication with the other components of Authorization Box.
Please contact 2-Control support if you have any questions: support@2-control.nl. Be sure to provide:
- Version of your Windows and Dynamics environment
- Screenshot of any error or message you receive
- If possible, send any log files or other error messages which may be relevant.
Installation Requirements Authorization Box
System requirements
- Supported Dynamics 365 Business Central / Dynamics NAV versions: Dynamics NAV 2013 R2 and up;
- SOAP Services need to be enabled on the service tier configuration;
- A free object ID for execution of the web service codeunit in your Dynamics license:
- For on premise installations:
- If you have 2-Controlware add-ons such as Field and Dataset Security, you do not need a free object ID; the codeunit is included in every 2-Controlware add-on. You might need to upgrade to the most recent version of 2-Controlware;
- Otherwise, please pass the free object ID to 2-Control support so we can provide you with the correct codeunit. If you have problems in finding a free object ID, please contact your Microsoft partner;
- Make sure you have updated the licence to be able to use the codeunit.
- For Business Central in the cloud:
- We can provide you with an extension. For the connection with the Authorization Box, the extension Compliance Essentials is necessary.
- A Windows version supported by Microsoft;
- .NET Framework 4.6.1 or more recent.
Accounts and Permissions
Authorization Box requires two accounts:
- Business Central access: a user with SUPER permissions in any environment which needs to communicate with Authorization Box. The user is needed for the connection;
- Account permissions for the Authorization Box Multi Connector (Windows service): by default this service is installed with the Network Service account. You are free to use a different account for this service afterwards; the following permissions are then required:
- Log on as a service
- Read and execute permissions for the service installation folder.
The firewall needs to enable communication between:
1. The Authorization Box Multi Connector and any Dynamics service tier to be connected;
2. The Authorization Box Multi Connector and https://login.2-control.nl. This concerns only outside communication from your server to the Authorization Box web application:
- Azure Relay port settings: you need to open the ports described in the following article: https://docs.microsoft.com/en-us/azure/azure-relay/relay-port-settings#wcf-relays. This article includes a table that describes the required configuration for port values for Azure Relay. Note: this is only necessary for outbound traffic;
- IP/Host whitelisting: Authorization Box is hosted on Azure. As a result, Authorization Box does not have a fixed IP address, but changes daily or more often. Therefore, a range of IP addresses must be added in the firewall (if applicable). See: https://blogs.msdn.microsoft.com/servicebus/2017/01/13/azure-wcf-relay-dns-support/. You should test whether you can whitelist with DNS. You can try whitelisting: box-sb-prod.servicebus.windows.net as the hostname. If this does not work, the following PowerShell script can be used to find IP addresses to whitelist: https://github.com/Azure/azure-relay-dotnet/blob/master/tools/GetNamespaceInfo.ps1 . This returns a list of all IP addresses associated with our service bus. It is possible that this is a large number of addresses.
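A pre-flight check for the firewall rules above, run on the server that will host the connector. This is an added example, not 2-Control or Microsoft code; the host names come from this guide, and the `$RelayPorts` list is a placeholder to be completed from the WCF relay table in the Microsoft article.

```powershell
# Added example (not vendor code). Host names are taken from this guide.
# $RelayPorts is a placeholder: complete it from the WCF relay table in the
# Microsoft article linked above before relying on the result.
$WebApp     = 'login.2-control.nl'
$RelayHost  = 'box-sb-prod.servicebus.windows.net'
$RelayPorts = @(443)

function Test-Outbound {
    param([string]$HostName, [int[]]$Ports)
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $HostName -Port $port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            Host      = $HostName
            Port      = $port
            RemoteIP  = $r.RemoteAddress
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# The addresses behind the relay name change over time, so treat this list as
# a snapshot: it shows why a host-name rule is preferable to pinned IPs.
$addresses = Resolve-DnsName -Name $RelayHost -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress
Write-Output "Relay host currently resolves to: $($addresses -join ', ')"

$results  = @(Test-Outbound -HostName $WebApp -Ports 443)
$results += @(Test-Outbound -HostName $RelayHost -Ports $RelayPorts)
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    $list = ($blocked | ForEach-Object { '{0}:{1}' -f $_.Host, $_.Port }) -join ', '
    Write-Warning "Outbound connection blocked for: $list"
}
```

Only outbound connections are tested, which matches the requirement above; no inbound rule is needed for the relay.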
Installation by 2-Control
In case a consultant installs Authorization Box Connector for you, we need a contact or an account with administrator rights on the machine where the service will be installed in addition to the requirements mentioned above.
Steps for installation
See below the different steps for installing the Dynamics web service and the Authorization Box Connector.
Dynamics 365 Business Central / Dynamics NAV
For on premise installations (this applies only to 2-Controlware; for the apps, the objects are created automatically and have another ID):
- Import the provided codeunit ABWebService (id 111120222) in your development environment.
- If you have the most recent version of 2-Controlware, you already have this codeunit with id 11112022
- 2-Control support will help you if you need the object with a different object id because of license permissions
- Create in the page Web Services a web service with this information:
- Object Type: Codeunit
- Object ID: 11112022 (or a customization number if you do not have 2-Controlware)
- Service Name: AB
- Published should be True (ticked)
- OData URL is not applicable
- Copy the SOAP URL, you will need it in the next steps.
The Authorization Box Connector should be installed on a server which can access the above installed web service. Check on the machine on which the connector will be installed whether you can open the SOAP URL in a browser. You might have to enter account credentials used by the service for Business Central access. You should see a valid XML-document (see below for an example). If you do not get something like the screenshot below, either:
- the configuration of the web service is incorrect;
- the codeunit is not compiled in Business Central;
- any credentials entered are incorrect – check by starting the Dynamics client with Run as other user in the right mouse menu combined with shift;
- the (domain) name of the server needs to be replaced with its IP address because of an incorrect setup of delegation (SPNs) - see https://docs.microsoft.com/en-us/previous-versions/dynamicsnav-2016/jj551742(v=nav.90) for more information about delegation;
- the browser cannot reach the URL because of firewall restrictions or a disabled SOAP-service.
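The same check can be scripted from the connector server instead of using a browser. This is an added example for Windows PowerShell 5.1, not 2-Control code; `$SoapUrl` is a placeholder, and the mapping from each failure to a likely cause is an assumption based on the list above.

```powershell
# Added example for Windows PowerShell 5.1 (not vendor code).
# $SoapUrl is a placeholder: paste the SOAP URL copied from the Web Services page.
$SoapUrl = '<paste SOAP URL here>'
$Cred    = Get-Credential -Message 'Account used for Business Central access'

function Test-SoapEndpoint {
    param([string]$Url, [pscredential]$Credential)

    if ($Url -notmatch '^https://') {
        Write-Warning 'SOAP URL is not HTTPS: the SUPER account authenticates over an unencrypted channel.'
    }
    try {
        $resp = Invoke-WebRequest -Uri $Url -Credential $Credential `
                                  -UseBasicParsing -TimeoutSec 20
    }
    catch {
        # No response object means the request never reached the service tier.
        $http = $_.Exception.Response
        if ($null -eq $http) {
            return 'FAIL: no HTTP response. Check firewall rules and whether SOAP services are enabled.'
        }
        switch ([int]$http.StatusCode) {
            401     { return 'FAIL: 401. Check the credentials, then the delegation (SPN) setup.' }
            default { return "FAIL: HTTP $_. Check the web service setup and that the codeunit is compiled." }
        }
    }
    try {
        $xml = [xml]$resp.Content   # throws when the body is not well-formed XML
    }
    catch {
        return 'FAIL: the response body is not well-formed XML.'
    }
    return "OK: XML document with root element <$($xml.DocumentElement.LocalName)>"
}

Test-SoapEndpoint -Url $SoapUrl -Credential $Cred
```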
Install Authorization Box Connector
1. On the server where you want to install the connector, run the installer setup.exe from the zip file authorizationbox-setup.zip. You can download the installer from: https://2-control.nl/nl/software/authorization-box/ (bottom of the page: Authorization Box Connector Windows Service);
2. Choose a different location for installation if required;
3. Insert the security key you received in the welcome mail after registration:
4. Permit changes to the system from the UAC dialog.
5. If required, you can set the recovery model of the Authorization Box Connector to restart the service after the first failure in the default Windows Services console;
6. If required you can change the user account of the Authorization Box Connector in the default Windows Services console. The connector is by default installed with the Network Service account.
7. Make sure that the service Authorization Box Multi Connector Update also runs. This service will automatically update the Authorization Box Multi Connector if needed.
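To verify steps 5 to 7 after installation, the following added example (not 2-Control code) reports the account, state and recovery action of both services and lists who can write to the installation folder. The display-name pattern is an assumption based on the service names used in this guide, and the recovery check assumes English `sc.exe` output.

```powershell
# Added example (not vendor code). The display-name pattern is an assumption
# based on the service names used in this guide; adjust it if yours differ.
$pattern  = 'Authorization Box Multi Connector*'
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $pattern })
if ($services.Count -lt 2) {
    Write-Warning "Expected the connector and its Update service, found $($services.Count)."
}

$write = [int][System.Security.AccessControl.FileSystemRights]::Write
foreach ($svc in $services) {
    # PathName may be quoted and may carry arguments; keep the executable only.
    if ($svc.PathName -notmatch '^"?(.+?\.exe)') { continue }
    $folder = Split-Path -Parent $Matches[1]

    # Identities that can write to the service folder. The service account
    # itself only needs read and execute permissions here.
    $writers = (Get-Acl -Path $folder).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.FileSystemRights -band $write) -ne 0 } |
        Select-Object -ExpandProperty IdentityReference -Unique

    # sc.exe prints the configured recovery actions (English output assumed).
    $restart = [bool]((sc.exe qfailure $svc.Name) -match 'RESTART')

    [pscustomobject]@{
        Service       = $svc.DisplayName
        Account       = $svc.StartName
        State         = $svc.State
        StartMode     = $svc.StartMode
        RestartOnFail = $restart
        FolderWriters = ($writers -join '; ')
    }
}
```

Review the `FolderWriters` column: any identity listed there can replace the files the service runs.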
Create your first Database Connection
1. Log in at https://login.2-control.nl using the credentials provided in the registration email. The user name is the email address used to register with Authorization Box. The page Authorization Box shows up:
2. After login, you first have to change your password.
3. The next step is to create a connection between the Authorization Box and your Dynamics environment. Click in the menu on Setup, General for the Customer details. In this page you can create a new Database Connection under the Fast Tab Databases:
- Click on the New button
- Enter the Database Name
- Paste the SOAP URL from the web service in the Connection URL field
- Select the Authentication Method
- Enter the Domain
- Enter the User and Password for access to Dynamics. This should be the account with SUPER permissions.
- Only enter the key code if you use 2 Authorization Multi Connectors
- Select the option Use webservices for data
- Select the option Use NTLM, depending on whether you use this
- Click on Test Connection for a connection test.
- After a successful test you can Save & Close the database setup
Authorization Box users will automatically have permission for the newly created database connection. Refer to Authorization Box Setup to change the database connection permissions per user in Authorization Box.
To choose a new or other database connection:
- Click on the name of the current active connection on the top of the page.
- Choose a different database connection from the list.
Alternatively, you can change the currently active database connection, time zone and language on the User Settings page:
- Open the User Settings page by clicking on the email address of the user account on top of the page.
- Modify the setup as you wish and confirm with Save & Close.
Finish
You have completed installation of Authorization Box. Do not hesitate to contact us at support@2-control.nl if you have any questions or remarks about our products or services.