One of the coolest feature in Dynamics 365 Business Central is surely the Dataverse integration, a foundamental building block for integrating the ERP with Dynamics 365 applications and Power Platform.
If you’re using Dataverse with Dynamics 365 Business Central, with the last 18.3 release a new announcement was present in the feature list: Client secret-based service to service authentication deprecation for Microsoft hosted tenants integrating to Dataverse. To ensure no disruptions in integration between Business Central and Dataverse you must upgrade your Business Central connection to Dataverse to certificate-based authentication. Although change will happen in March 2022, we strongly recommend you perform the steps as soon as possible.
What does that mean?
In April, 2022, Dataverse is deprecating the Office365 authentication type (username/password) in order to remove a security protocol (WS-Trust) that is inherently insecure by current encryption standards.
The WS-Trust security protocol, when used in conjunction with a user account and password, implements an authentication flow that presents both the user ID and password to the authenticating resource in a “clear text” form, relying solely on the transport encryption to provide security for the initial step of the authentication, until the token service returns an authentication token to use. Additionally, the WS-Trust protocol does not support modern forms of Multi-Factor Authentication and conditional access controls.
Additionally, in March, 2022, Business Central is deprecating the use of client secret based service-to-service authentication for online tenants and will require the use of certificate-based service-to-service authentication for connections to Dataverse.
What I have to do for this?
Certificate-based authentication is available in Business Central 2021 release wave 1 and later, so please check to have your tenant upgraded to this version (but I think you’re on this situation).
To upgrade the service connection in order to use certificate-based service-to-service authentication for Dataverse is very easy. Open the Dataverse Connection Setup page, choose Connection and then click on Use Certificate Authentication:
You will be prompted to login. Sign in with administrator credentials for Dataverse. When the login is successfully established, a blank page like the following appears for less than a minute. Don’t close this page:
When the service connection upgrade was completed, you will receive a response like the following:
That’s done!
If you’re using integration with Dynamics 365 for Sales, you should do the same process from the Microsoft Dynamics 365 Connection Setup page:
Easy as you can see, but please remember the following things:
- You must repeat these steps for each Business Central environment (both production and sandbox environments) and for each company where you have a connection to Dataverse.
- The changement is needed only for Microsoft’s online tenants. ISV-hosted online tenants and on-premises installations can continue to use the standard Office365 authentication.
If you’re using Dataverse integration with Dynamics 365 Business Central, no reason to wait… upgrade your service connection.
Stefano Demiliani 
Hi!
I have a question regarding the Dataverse connection to Dynamics CRM. It is not related to what you talk about in this blog post.
We have a customer that is syncing customer between BC and CRM. They would like to pull data from both BC and CRM and do some Power BI magic. Issue here is that we can not find any unique key that is shared between BC and CRM for each customer. The customers are coupled with accounts in BC however we can not find the actual table where the “coupling” is made between be primary key of BC and CRM.
I hope you understand what I’m looking for, could you point me in the right direction here?
LikeLike
Not sure to understood, but record coupling can be done as explained here:
https://docs.microsoft.com/en-us/dynamics365/business-central/admin-how-to-couple-and-synchronize-records-manually
Integration Record table maps the GUID in BC with the GUID in CRM.
LikeLike
Thanks! The table CRM Integration Record is what i was looking for.
LikeLiked by 1 person
Hi,
I got an error in my dataverse connection setup page, saying that the dataverse version is not correct. it used to work properly, so now I think that maybe we missed using the certificate authentication in our sandbox environment. (production is working fine)
when I clicked the action, the popup window asked me to login as admin, then nothing happened, I didn’t get the confirmation message of the newly created user.
I tried to set up dataverse to a new company, thinking it will be done from scratch and will work with service to service authentication, but it doesn’t work. I couldn’t do the setup.
now that the basic authentication is deprecated, how to overcome the disruption in integration.
LikeLike