Microsoft Dynamics NAV 2013 R2 supports four credential authorization mechanisms for Microsoft Dynamics NAV users. When you create a user, you provide different information depending on the credential type that you are using in the current Microsoft Dynamics NAV Server instance.

Important
All users of a Microsoft Dynamics NAV Server instance must be using the same credential type. You specify which credential type is used for a particular Microsoft Dynamics NAV Server instance in the Microsoft Dynamics NAV Server Administration tool.

For more information about how to create users, see How to: Create Microsoft Dynamics NAV Users. Alternatively, you can create new users using the Windows PowerShell cmdlet, New-NAVServerUser. For more information, see Microsoft Dynamics NAV Windows PowerShell Cmdlets.

Credential Types

Microsoft Dynamics NAV supports the following credential types.

Credential types Description

Windows

With this credential type, users are authenticated using their Windows credentials (Active Directory, local workgroup, or the local computerís users). Before you create a Windows user, there must already be a corresponding user in Windows. Because they are authenticated through Windows, Windows users are not prompted for credentials when they access Microsoft Dynamics NAV.

UserName

With this setting, the user is prompted for username/password credentials when they access Microsoft Dynamics NAV. These credentials are then validated against Windows authentication by Microsoft Dynamics NAV Server. There must already be a corresponding user in Windows. Security certificates are required to protect the passing of credentials across a wide-area network. Typically, this setting should be used when the Microsoft Dynamics NAV Server computer is part of an authenticating Active Directory domain, but the computer where the Microsoft Dynamics NAV Windows client is installed is not part of the domain.

NavUserPassword

With this setting, authentication is managed by Microsoft Dynamics NAV Server but is not based on Windows users or Active Directory. The user is prompted for username/password credentials when they start the client. The credentials are then validated by an external mechanism. Security certificates are required to protect the passing of credentials. This mode is intended for hosted environments, for example, where Microsoft Dynamics NAV is implemented in Azure.

AccessControlService

With this setting, Microsoft Dynamics NAV relies on Windows Azure Access Control Service (ACS) or Windows Azure Active Directory (Windows Azure AD) for user authentication services.

ACS is a cloud service that provides user authentication and authorization for web applications and services. ACS integrates with standards-based identity providers, including enterprise directories such as Active Directory, and web identities such as Windows Live ID, Google, Yahoo!, and Facebook. For more information, see Use ACS to Authenticate Users.

Windows Azure AD is a cloud service that provides identity and access capabilities for applications on Windows Azure and Microsoft Office 365. If the Microsoft Dynamics NAV Server instance is configured to use AccessControlService authentication, you can specify a Windows Azure AD account for each user in the Office 365 Authentication field so that they can access both the Microsoft Dynamics NAV Web client and their Office 365 site. Also, if you use Microsoft Dynamics NAV in an app for SharePoint, users have single sign-on between the SharePoint site and Microsoft Dynamics NAV. For more information, see Authenticate Users with Windows Azure Active Directory.

Important
If Microsoft Dynamics NAV Server is configured to use NavUserPassword or AccessControlService authentication, then the username, password, and access key can be exposed if the SOAP or OData data traffic is intercepted and the connection string is decoded. To avoid this condition, configure SOAP and OData web services to use Secure Socket Layer (SSL). For more information, see Walkthrough: Configuring Web Services to Use SSL (SOAP and OData).

Configuring the Credential Type

RoleTailored clients and Microsoft Dynamics NAV Server must be configured to use the same credential type.

To configure the credential type

  1. Edit the client configuration file for each relevant user.

    A separate instance of the ClientUserSettings.config file is maintained for each Microsoft Dynamics NAV Windows client user. You must modify the configuration for each instance of the file. The default location for this file is C:\Users\<username>\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\71, where <username> is the name of the user.

    Note
    For information about how to configure Microsoft Dynamics NAV Web client, see Configuring Microsoft Dynamics NAV Web Client by Modifying the Web.config File.

    1. Find the ClientServicesCredentialType parameter and change the value to one of the options listed earlier.
    2. Save ClientUserSettings.config and restart the Microsoft Dynamics NAV Windows client.
  2. Edit the configuration for the Microsoft Dynamics NAV Server instance.

    Use either the Microsoft Dynamics NAV Server Administration tool or the Microsoft Dynamics NAV Windows PowerShell cmdlets. For more information, see Configuring Microsoft Dynamics NAV Server.

    Find the ClientServicesCredentialType parameter in the configuration for the instance and change the value to one of the options listed.

    Note
    In the Microsoft Dynamics NAV Server Administration tool, the parameter is named Credential Type and is on the General tab.

    Important
    When Microsoft Dynamics NAV Server services are deployed on Azure, you must configure them on Azure. For more information, see How to: Open Microsoft Dynamics NAV Clients that Connect to Microsoft Dynamics NAV on Windows Azure.

  3. Restart the Microsoft Dynamics NAV Server instance. Use either the Microsoft Dynamics NAV Server Administration tool, the Microsoft Dynamics NAV Windows PowerShell cmdlets, or the Services tool in Windows Control Panel.

See Also