With Business Central 2023 release wave 1 (BC22) the "Control Access to Business Central Using Security Groups" got introduced:
https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups
Onpremises this feature works fine with the credential type "Windows" and an Active Directory hosted onpremises.
Unfortunately this does not work onpremises in combination with AAD-Authentication (or credential type "AccessControlService").
So basically, you're unable to use this feature onpremises if you're using AAD-Authentication.
The Security Group page changes depending on your WebClients authentication type. If you use AAD-Authentication (AccessControlService), Business Central is unable to retreive the AAD Security Groups.
For whatever reason this is currently not supported and the Microsoft support told me to open an "idea" for that.
Side note:
In my opinion this is a bug which has to be fixed and not a feature request!
Comments
I love that this is ranked #5 on the list, has been around for almost 3 years, but Microsoft doesn't even bother to respond.We host BC for our customers, so the only thing that makes sense to at least give them sovereignty on the authentication is to use Entra ID for authentication.Not being able to use security groups is ridiculous, every single user needs to be managed individually. We have customers with 500+ users. We get a request about it from time to time but I'm honestly surprised by the "capacity for suffering" our customers have...
Category: Tenant Administration