Creating the Application Registration
Log in to Entra using Global Administrator credentials. After logging in, go to Applications > App Registrations in the left menu and click 'New Registration':
Enter a name for the app, in this case, Document Links.
Next, under 'Supported Account types', select 'Accounts in this organisation directory only'.
Then, under 'Redirect URL', select 'Web' from the drop down and then enter https://businesscentral.dynamics.com/OAuthLanding.htm. Note: for On-premise deployments of Business Central, please use the Web Base Client URL appended with Oauthlanding.htm e.g. https://businesscentral.mycompany.com/Production/OAuthlanding.htm.
Once the above has been completed, hit 'Register':
Now you have an App registration, you need to add in an additional Redirect URI. To do this, click into the 'Manage' menu on the left-hand side of the screen and select 'Authentication' and then under 'Web Redirect URI's', click 'Add Redirect URI':
You now need to select 'Web' from the 'Select a platform to add redirect URI' screen:
You now need to add the URL for SharePoint Root Site you will be using for Document Links. Add the URL for your SharePoint site and click 'Configure':
The 'Redirect URI configuration' on the 'Authentication' page will now look like this:
API Permissions
On the left-hand side 'Manage' menu, select 'API Permissions'. The page will initially look like this:
Firstly, you need to remove the 'User.Read' permission under 'Microsoft Graph' that was added by default during the App Registration creation. To do this, click on the 'User.Read' permission. In the window that opens, click 'Remove Permission' at the top:
You now need to add three new permissions.
Click the ‘+Add a permission’ button and select the large ‘Microsoft Graph’ banner at the top of the screen:
Then select ‘Delegated permissions’ from the options:
Scroll down to ‘Sites’ and expand this option. Then tick the ‘Sites.ReadWrite.all’ permission. Then click ‘Add permissions’ at the bottom:
You will need to add a further two permissions.
Click on ‘+Add a permission’ and select the large 'Microsoft Graph' banner at the top as before. But this time, choose ‘Application Permissions’ from the options, instead of ‘Delegated permissions’:
Scroll down to ‘Sites’, expand the list, and tick the ‘Sites.ReadWrite.all’ permission. Then click ‘Add permissions’ to save this choice:
Click on ‘+Add a permission’ a third time, and this time, choose 'SharePoint' from the list of commonly used Microsoft APIs:
Choose ‘Application permissions’:
Scroll down to ‘Sites’, expand the list, and tick the 'Sites.ReadWrite.all' permission. Then click ‘Add permissions’ to save this choice:
The Permissions screen should now look like this:
Once all three permissions have been added, click the 'Grant admin consent for mydomainname' button, as below:
The permissions screen should now look like this:
Certificates and Secrets setup for Clever Document Links
At this point, you can choose to authenticate the app to SharePoint using either a certificate or a Client Secret. This guide covers both methods, though certificate authentication is recommended for production use.
Using an SSL Certificate
Obtain a certificate from a recognized authority. Both a .cer file (for Azure) and a .pfx file (for Business Central) are required.
On the left panel, under 'Manage', click 'Certificates & Secrets'.
Click the 'Certificates' tab.
Click 'Upload Certificate'.
In the right-hand window:
Upload the .cer file.
Add a description, e.g., "Doc Links".
Click Add
Using a Client Secret
In your App Registration, go to 'Certificates & Secrets' in the left-hand menu.
Click the 'Client Secrets' tab.
Select 'New client secret'.
In the window that opens:
Add a Description (e.g., “Doc Links”).
Set an Expiry period (choose what suits your organization).
Important: After creating the secret, immediately copy the "Value" field, as Entra will hide it shortly and it won't be viewable again.
Then, go to the ‘Overview’ section of the left-hand menu to record the ‘Directory (tenant) ID’ and ‘Application (Client) ID’. You’ll need these values later when selecting the Client Secret option in the Doc Links setup in Business Central.
Applying App Registration details in Business Central
Once your Certificate or Client Secret is set up in Azure, you're ready to continue with the SharePoint integration setup in Business Central.
In BC search for Doc links in the Search at the top and click "Document Links Setup".
You can launch the SharePoint Setup Wizard in one of two ways:
1. By changing the File Storage field in "Document Links Setup".
2.By clicking the SharePoint action on the "Document Links Setup" page and then click SharePoint Setup.
Click Next to begin.
Step 1: Enter Your SharePoint Site URL
Enter the full SharePoint Site URL where your documents will be stored.
Example:
https://Clever578.sharepoint.com/sites/DocLinks
This ensures Clever Document Links knows where to send your files.
Step 2: Enter the Scope
To form the scope, take the base part of your SharePoint URL and add 'Sites.Selected' to the end of the URL.
Using the example above, the Scope would be: https://Clever578.sharepoint.com/Sites.Selected
This limits permissions to only the selected SharePoint Site, nothing more.
Step 3: Set Your SharePoint Library and Folder
Library Name: Enter the name of your document library in SharePoint (e.g., Shared%20Documents).
Click Next.
Step 4: Choose a Folder Structure.
Folder Name (optional): Add a folder name if you want to organise documents into a top-level folder within the library.
Folder Structure: Decide how you want your files to be organised in SharePoint:
Structure example
'Single Folder' = All files in one folder (not recommended)
'Type/No' = Customer\Customer No.\FileName
'Company Name/Type/No.' = Company\Customer\Customer No.\FileName
'Company Name/Type' = Company\Customer\FileName
'Type' = Customer\FileName
Click Next.
Step 5: Choose Authentication Type.
Choose how you'll connect Business Central to SharePoint, 'Client Secret' or 'Certificate' then click Next.
Using Client Secret
If you choose 'Client Secret', enter the TenantID, ClientID and Client Secret values we made a note of earlier.
Click Next and then Test Connection to validate the setup.
You will be prompted with a consent dialogue box. If you are logged in to Business Central as a Global Administrator, then you have the option to consent on behalf of your entire organisation.
If you arent logged in as a Global Administrator, you can only consent to the Application as your own user and then every other user will be challenged for consent when they first attempt to upload a document from Document Links.
Click Accept and you should get 'a successful connection was made' message as follows:
Click OK to finish the setup.
You're done! Clever Document Links is now connected to Sharepoint.
Using Certificate
If you choose 'Certificate', enter the TenantID and ClientID we notes earlier than click 'Import Certificate' and upload your .pfx file.
Enter the Password used when you created the certificate.
Click Next.
Final Step: Test & Finish.
You will be prompted with a consent dialogue box. If you are logged in to Business Central as a Global Administrator then you have the option to consent on behalf of your entire organisation.
If you aren't logged in as a Global Administrator, then you can only consent to the Application as your own user and then every other user will be challenged for consent when they first attempt to upload a document from Document Links.
Click Accept and you should see the connection successful notification.
Click OK to finish the setup.
You're done! Clever Document Links is now connected to SharePoint.