Authentication

This guide covers authentication methods and security configuration for Document Automation integrations.

Authentication Methods

Business Central Authentication

OAuth 2.0 (Cloud)

OAuth 2.0 is the recommended authentication method for cloud-based Business Central integrations.

Setup Process:

  1. Register application in Azure Active Directory
  2. Configure API permissions for Business Central
  3. Obtain client ID and client secret
  4. Implement OAuth 2.0 flow in your application

Required Permissions:

  • Financials.ReadWrite.All: Full access to Business Central data
  • User.Read: Basic user profile information
  • Mail.Read: Email integration (if applicable)

Token Management:

  • Access tokens expire after 1 hour
  • Refresh tokens valid for 90 days
  • Implement automatic token refresh
  • Secure token storage and handling
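The token lifecycle described above (1-hour access tokens, automatic refresh, secure handling) is easiest to get right with a small cache that refreshes shortly before the server-stated expiry rather than on failure. The following is an added example and not Document Automation's own code: it performs the OAuth 2.0 client-credentials request against the Microsoft identity platform token endpoint, with the HTTP call and the clock injectable so the refresh logic can be exercised offline. The Business Central scope value is an assumption; the tenant, client and secret values are placeholders.

```python
import json
import time
import urllib.parse
import urllib.request

# Microsoft identity platform v2.0 token endpoint; the tenant id is filled in.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Assumed application scope for a Business Central daemon integration.
BC_SCOPE = "https://api.businesscentral.dynamics.com/.default"
# Refresh this long before expiry so a request issued at the boundary never
# carries an already-expired token.
REFRESH_SKEW_SECONDS = 300


class TokenManager:
    """Caches an access token and refreshes it before it expires."""

    def __init__(self, tenant_id, client_id, client_secret,
                 scope=BC_SCOPE, fetch=None, clock=time.time):
        self._tenant_id = tenant_id
        self._client_id = client_id
        self._client_secret = client_secret   # load from a secret store, never hard-code
        self._scope = scope
        self._fetch = fetch or self._fetch_from_entra   # injectable for offline use
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0                  # network round-trips made so far

    def _fetch_from_entra(self):
        body = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "scope": self._scope,
        }).encode()
        req = urllib.request.Request(
            TOKEN_ENDPOINT.format(tenant=self._tenant_id), data=body,
            headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def needs_refresh(self):
        return self._token is None or self._clock() >= self._expires_at - REFRESH_SKEW_SECONDS

    def get_token(self):
        """Return a valid bearer token, acquiring a new one if missing or near expiry."""
        if self.needs_refresh():
            now = self._clock()
            payload = self._fetch()
            self._token = payload["access_token"]
            self._expires_at = now + int(payload.get("expires_in", 3600))
            self.fetch_count += 1
        return self._token

    def forget(self):
        """Drop the cached token, e.g. after a 401, so the next call re-acquires."""
        self._token = None
        self._expires_at = 0.0

    def __repr__(self):
        # Never expose the secret or the token in logs or tracebacks.
        return f"TokenManager(client_id={self._client_id!r}, scope={self._scope!r})"


# Offline demonstration with a constructed clock and a constructed token service.
class FakeClock:
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


def make_fake_fetch():
    counter = {"n": 0}

    def fetch():
        counter["n"] += 1
        return {"token_type": "Bearer", "expires_in": 3600,
                "access_token": f"fake-token-{counter['n']}"}
    return fetch


def demo_refresh_timeline():
    """Walk one token through its lifetime; returns the tokens seen and the fetch count."""
    clock = FakeClock(0.0)
    tm = TokenManager("tenant-placeholder", "client-placeholder", "secret-placeholder",
                      fetch=make_fake_fetch(), clock=clock)
    seen = [tm.get_token()]          # t=0: first acquisition
    clock.t = 1800.0
    seen.append(tm.get_token())      # t=30 min: served from cache
    clock.t = 3300.0
    seen.append(tm.get_token())      # t=55 min: inside the skew window, refreshed early
    return seen, tm.fetch_count


if __name__ == "__main__":
    print(demo_refresh_timeline())
```

The early refresh is the point: with a 1-hour token and a 5-minute skew the client never presents a token that the API will reject for expiry, and `forget()` gives the integration a clean way to recover if a token is revoked server-side.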

API Keys (On-Premise)

API key authentication is available for on-premise Business Central deployments.

Configuration:

  1. Enable API key authentication in Business Central
  2. Generate API keys for integration applications
  3. Configure key-based authentication in client applications
  4. Implement secure key storage and rotation

Best Practices:

  • Regular key rotation (quarterly recommended)
  • Secure key storage and transmission
  • Monitor API key usage and access patterns
  • Implement key revocation procedures
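Secure key storage, quarterly rotation and revocation fit naturally into one small store on the server side. This is an added example, not Business Central's or Document Automation's own key handling: keys are issued as `keyid.secret`, only a SHA-256 digest of the secret part is retained, rotation keeps the previous key alive for a grace period so clients can switch without an outage, and verification uses a constant-time comparison. The quarterly limit and grace period are assumed policy values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

QUARTER_SECONDS = 90 * 24 * 3600    # quarterly rotation, as recommended above


@dataclass
class KeyRecord:
    app: str
    digest: bytes                    # SHA-256 of the secret part; plaintext is never stored
    created_at: float
    retire_at: Optional[float] = None   # set at rotation: old key works until then
    revoked: bool = False


class ApiKeyStore:
    """Hashed API-key storage with rotation overlap and revocation."""

    def __init__(self):
        self._records = {}           # key id -> KeyRecord

    @staticmethod
    def _digest(secret_part):
        return hashlib.sha256(secret_part.encode()).digest()

    def issue(self, app, now):
        """Create a key for `app`; the plaintext 'kid.secret' is returned exactly once."""
        kid = secrets.token_hex(8)               # public id for lookup and audit logs
        secret_part = secrets.token_urlsafe(32)
        self._records[kid] = KeyRecord(app, self._digest(secret_part), now)
        return f"{kid}.{secret_part}"

    def rotate(self, app, now, grace_seconds=7 * 24 * 3600):
        """Issue a replacement; live keys for `app` stay valid for `grace_seconds`."""
        for rec in self._records.values():
            if rec.app == app and not rec.revoked and rec.retire_at is None:
                rec.retire_at = now + grace_seconds
        return self.issue(app, now)

    def revoke(self, kid):
        if kid in self._records:
            self._records[kid].revoked = True

    def verify(self, presented, now):
        """Return the app name if `presented` is a live key, otherwise None."""
        if "." not in presented:
            return None
        kid, secret_part = presented.split(".", 1)
        rec = self._records.get(kid)
        if rec is None or rec.revoked:
            return None
        if rec.retire_at is not None and now >= rec.retire_at:
            return None
        if now - rec.created_at >= QUARTER_SECONDS:
            return None                          # enforce the rotation policy
        # Constant-time digest comparison avoids a timing side channel.
        if not hmac.compare_digest(rec.digest, self._digest(secret_part)):
            return None
        return rec.app

    def keys_due_for_rotation(self, now, warn_before=14 * 24 * 3600):
        """Key ids that reach the quarterly limit within `warn_before` seconds."""
        return [kid for kid, rec in self._records.items()
                if not rec.revoked and rec.retire_at is None
                and now >= rec.created_at + QUARTER_SECONDS - warn_before]
```

Because the key id is public, usage monitoring can log it freely; the secret part never appears in logs or in the database, so a leaked table does not yield usable keys.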

External Service Authentication

OCR Service Authentication

Document Automation connects to external OCR services using service-specific authentication.

Account Setup:

  1. Create account at OCR service provider
  2. Obtain service credentials (username/password or API key)
  3. Configure credentials in Document Automation setup
  4. Test connection and validate access

Security Considerations:

  • Use strong passwords and enable 2FA where available
  • Regular credential rotation
  • Monitor service usage and access logs
  • Implement credential backup and recovery procedures

Email Service Authentication

Microsoft Graph API (OAuth 2.0):

Client ID: [Azure Application ID]
Client Secret: [Azure Application Secret]
Tenant ID: [Microsoft 365 Tenant ID]
Scope: https://graph.microsoft.com/Mail.Read

IMAP Authentication:

Server: [IMAP Server Address]
Port: 993 (SSL) or 143 (STARTTLS)
Username: [Email Account]
Password: [Application Password or OAuth Token]

Security Configuration

Certificate-Based Authentication

Azure Certificate Setup

For enhanced security, configure certificate-based authentication:

  1. Generate Certificate:
    • Create X.509 certificate for authentication
    • Export certificate in appropriate format
    • Secure private key storage and management
  2. Azure Configuration:
    • Upload certificate to Azure application registration
    • Configure certificate-based authentication
    • Set appropriate certificate validation policies
  3. Application Configuration:
    • Configure certificate authentication in Document Automation
    • Implement certificate validation and renewal
    • Monitor certificate expiration and renewal

On-Premise Certificate Setup

For on-premise deployments:

  1. Certificate Authority Configuration:
    • Set up internal CA or use external CA
    • Generate and distribute certificates
    • Configure certificate validation policies
  2. Business Central Configuration:
    • Enable certificate authentication
    • Configure trusted certificate authorities
    • Set up certificate revocation checking

Multi-Factor Authentication

Azure AD Integration

Configure multi-factor authentication for enhanced security:

Conditional Access Policies:

  • Require MFA for Document Automation access
  • Location-based access controls
  • Device compliance requirements
  • Risk-based authentication policies

Configuration Steps:

  1. Enable MFA in Azure AD
  2. Configure conditional access policies
  3. Test MFA integration with Document Automation
  4. Train users on MFA procedures

On-Premise MFA

For on-premise environments:

ADFS Integration:

  • Configure ADFS for multi-factor authentication
  • Integrate with Document Automation authentication
  • Set up MFA policies and requirements
  • Monitor and audit MFA usage

Access Control

Role-Based Access Control (RBAC)

Permission Sets

Document Automation uses Business Central's native permission system:

Standard Permission Sets:

  • Document Automation Admin: Full administrative access
  • Document Automation User: Standard user access for document processing
  • Document Automation Viewer: Read-only access to processed documents

Custom Permission Sets:

  • Create custom permissions for specific roles
  • Granular control over tables, pages, and reports
  • Department or function-specific access
  • Temporary or project-based permissions

Field-Level Security

Configure field-level access restrictions:

Sensitive Data Protection:

  • Restrict access to financial amounts
  • Control visibility of vendor information
  • Limit access to document content
  • Audit field-level access and modifications

API Access Control

Endpoint Security

Configure security for specific API endpoints:

Resource-Based Access:

  • Control access to specific document types
  • Vendor-specific access restrictions
  • Department or cost center limitations
  • Time-based access controls

Rate Limiting:

  • Configure request rate limits per user/application
  • Implement burst protection and throttling
  • Monitor API usage patterns
  • Alert on unusual access patterns
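The rate-limiting items above (per-principal limits, burst protection, alerting on unusual patterns) map onto a token bucket per user or application plus a denial counter. The following is an added example written for this page, not a Document Automation or Business Central feature: the rate, burst size and alert threshold are assumed values, and the clock is injectable so the behaviour can be shown deterministically.

```python
import time
from collections import defaultdict


class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; each request spends one."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.updated = None

    def refill(self, now):
        if self.updated is None:
            self.updated = now
        self.tokens = min(self.burst, self.tokens + (now - self.updated) * self.rate)
        self.updated = now

    def try_consume(self, now):
        self.refill(now)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Per-principal token buckets plus an alert when a principal keeps being throttled."""

    def __init__(self, rate, burst, alert_after_denials=20, clock=time.time):
        self._buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self._denials = defaultdict(int)
        self._alert_after = alert_after_denials
        self._clock = clock
        self.alerts = []             # feed these to the security monitoring pipeline

    def allow(self, principal, now=None):
        now = self._clock() if now is None else now
        if self._buckets[principal].try_consume(now):
            return True
        self._denials[principal] += 1
        if self._denials[principal] == self._alert_after:
            self.alerts.append(f"{principal}: {self._alert_after} throttled requests")
        return False

    def retry_after(self, principal, now=None):
        """Seconds until one more request would be accepted (for a Retry-After header)."""
        now = self._clock() if now is None else now
        bucket = self._buckets[principal]
        bucket.refill(now)
        deficit = 1.0 - bucket.tokens
        return 0.0 if deficit <= 0 else deficit / bucket.rate


def simulate_burst():
    """Constructed scenario: 7 rapid requests, then 3 more two seconds later."""
    lim = RateLimiter(rate=1.0, burst=5, alert_after_denials=3)
    results = [lim.allow("app-ocr", now=0.0) for _ in range(7)]
    results += [lim.allow("app-ocr", now=2.0) for _ in range(3)]
    other = lim.allow("app-erp", now=2.0)   # a different principal is unaffected
    return results, lim.alerts, other, lim.retry_after("app-ocr", now=2.0)


if __name__ == "__main__":
    print(simulate_burst())
```

Keying buckets on the authenticated principal rather than the source address means a shared NAT does not throttle unrelated users, and the alert list gives the monitoring section a concrete event to act on.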

Security Monitoring

Audit Logging

Authentication Events

Monitor and log authentication activities:

Login Events:

  • Successful and failed login attempts
  • Multi-factor authentication events
  • Token generation and refresh activities
  • Session management and timeout events

API Access Events:

  • API endpoint access and usage
  • Data access and modification events
  • Error events and security violations
  • Performance and availability events

Log Analysis

Implement comprehensive log analysis:

Security Monitoring:

  • Real-time security event monitoring
  • Automated threat detection and alerting
  • Compliance reporting and analysis
  • Incident response and investigation
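Two detections that the login events listed under Audit Logging make possible are a burst of failed logins for one account from one source, and a successful login that immediately follows such a burst. The example below is added here and is not part of Document Automation; it assumes a JSON-lines log format with the fields shown, and the log lines are constructed for the demonstration (documentation IP ranges, fictional users). Thresholds and window are assumed values.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample authentication log (JSON lines); not output from any real system.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:00:01+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": false}
{"ts": "2024-03-01T09:00:04+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": false}
{"ts": "2024-03-01T09:00:07+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": false}
{"ts": "2024-03-01T09:00:10+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": false}
{"ts": "2024-03-01T09:00:12+00:00", "event": "login", "user": "bob", "src": "198.51.100.7", "ok": true}
{"ts": "2024-03-01T09:00:15+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": false}
{"ts": "2024-03-01T09:00:40+00:00", "event": "login", "user": "alice", "src": "203.0.113.10", "ok": true}
{"ts": "2024-03-01T09:00:41+00:00", "event": "token_refresh", "user": "alice", "src": "203.0.113.10", "ok": true}
{"ts": "2024-03-01T11:30:00+00:00", "event": "login", "user": "carol", "src": "198.51.100.9", "ok": false}
"""

FAIL_THRESHOLD = 5      # failures inside the window that raise an alert (assumed)
WINDOW_SECONDS = 300


def parse_events(text):
    """Parse JSON lines into dicts, adding a numeric timestamp `t` for window arithmetic."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["t"] = datetime.fromisoformat(ev["ts"]).timestamp()
        events.append(ev)
    return events


def detect_login_failure_bursts(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Alert once per (source, user) when `threshold` failures fall inside `window` seconds."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ev in events:
        if ev["event"] != "login" or ev["ok"]:
            continue
        key = (ev["src"], ev["user"])
        q = recent[key]
        q.append(ev["t"])
        while q and ev["t"] - q[0] > window:    # sliding window: drop old failures
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"rule": "login_failure_burst", "src": ev["src"],
                           "user": ev["user"], "count": len(q), "at": ev["ts"]})
    return alerts


def detect_success_after_failures(events, min_failures=3, window=WINDOW_SECONDS):
    """Flag a successful login preceded by `min_failures` recent failures from the same source."""
    failures = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev["event"] != "login":
            continue
        q = failures[ev["src"]]
        while q and ev["t"] - q[0] > window:
            q.popleft()
        if ev["ok"]:
            if len(q) >= min_failures:
                alerts.append({"rule": "success_after_failures", "src": ev["src"],
                               "user": ev["user"], "prior_failures": len(q), "at": ev["ts"]})
            q.clear()
        else:
            q.append(ev["t"])
    return alerts


def analyze(text=SAMPLE_LOG):
    events = parse_events(text)
    return detect_login_failure_bursts(events) + detect_success_after_failures(events)


if __name__ == "__main__":
    for alert in analyze():
        print(alert)
```

The second rule is the one worth routing to incident response: a burst of failures alone may be a mistyped password, but a success right after it warrants verifying the session and the MFA events for that login.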

Performance Monitoring:

  • Authentication performance tracking
  • API response time monitoring
  • Resource utilization analysis
  • Capacity planning and optimization

Compliance and Governance

Regulatory Compliance

Ensure compliance with relevant regulations:

GDPR Compliance:

  • Data protection impact assessments
  • Consent management and tracking
  • Right to erasure implementation
  • Data breach notification procedures

Industry Standards:

  • SOC 2 compliance requirements
  • ISO 27001 security standards
  • PCI DSS for financial data
  • HIPAA for healthcare organizations

Security Governance

Implement security governance framework:

Policy Management:

  • Security policy development and maintenance
  • Regular policy review and updates
  • User training and awareness programs
  • Compliance monitoring and reporting

Risk Management:

  • Regular security risk assessments
  • Vulnerability management procedures
  • Incident response planning and testing
  • Business continuity and disaster recovery

Best Practices

Authentication Security

Credential Management

  • Use strong passwords and regular rotation
  • Implement secure credential storage
  • Monitor credential usage and access patterns
  • Implement credential recovery procedures

Token Security

  • Secure token transmission and storage
  • Implement token expiration and refresh
  • Monitor token usage and detect anomalies
  • Implement token revocation capabilities

Integration Security

Network Security

  • Use encrypted connections (TLS 1.3)
  • Implement network segmentation
  • Configure firewall rules and access controls
  • Monitor network traffic and detect anomalies

Application Security

  • Implement secure coding practices
  • Regular security testing and assessment
  • Vulnerability scanning and management
  • Security patch management procedures

Troubleshooting

Common Authentication Issues

OAuth 2.0 Problems

  • Invalid client credentials
  • Expired or invalid tokens
  • Insufficient permissions
  • Redirect URI mismatches

API Key Issues

  • Expired or revoked API keys
  • Insufficient key permissions
  • Rate limiting and throttling
  • Key storage and retrieval problems

Resolution Procedures

Diagnostic Steps

  1. Verify authentication configuration
  2. Check credential validity and expiration
  3. Review permission assignments
  4. Analyze authentication logs and events

Support Resources

  • Contact Q-Team Solutions for authentication issues
  • Review Azure AD and Business Central documentation
  • Access diagnostic tools and utilities
  • Participate in user forums and communities

Security Updates

Maintenance Procedures

  • Regular security updates and patches
  • Authentication configuration reviews
  • Credential rotation and renewal
  • Security policy updates and training

Change Management

  • Document authentication configuration changes
  • Test authentication updates in development environment
  • Implement rollback procedures for failed changes
  • Communicate changes to users and stakeholders