← Back to Free BC Review form

App Registration walkthrough

A 10–15 minute step-by-step guide to creating the Microsoft Entra ID App Registration that Amplio needs to run your Free Business Central review. Follow it in order and copy four values into your password manager as you go: Tenant ID, Client ID, Client Secret, and BC Environment name.

What you'll do

  1. Before you start — what you need
  2. Sign in to the Azure portal in the right tenant
  3. Open Microsoft Entra ID → App registrations
  4. Create the App registration
  5. Copy the Tenant ID and Client ID
  6. Add the Business Central API permissions
  7. Grant admin consent
  8. Create the client secret
  9. Find your BC environment name
  10. Paste the four values into the form

Before you start

Confirm these five points first — skipping any of them is the most common cause of a stalled review.

Why we ask for this access. Amplio's scanner authenticates as the App Registration you create, reads metadata from your BC tenant for the sixteen review modules, and disconnects. The client secret is encrypted before storage and deleted immediately after the report is emailed. We never act on behalf of a signed-in user and we never write.

Side A — Azure portal

1Sign in to the Azure portal in the right tenant

Open a private / incognito browser window so you don't pick up a stale Microsoft session from a different tenant. Browse to https://portal.azure.com and sign in with the admin account of the directory that hosts your Business Central environment.

Click the avatar in the top-right corner. The dropdown shows the directory name. If it shows the wrong tenant, click Switch directory and pick the right one before continuing.

[Screenshot: Azure portal home page with the directory selector circled in the top-right corner]

2Open Microsoft Entra ID → App registrations

In the global search bar at the top of the portal, type Microsoft Entra ID and click the matching service. (You may still see the older name Azure Active Directory — same service.)

On the Entra ID overview page, in the left-hand nav, click Manage → App registrations.

[Screenshot: Entra ID left nav with "App registrations" highlighted under Manage]

3Create the App registration

Click + New registration at the top of the pane and fill the form in like this:

  • Name: Amplio BC Review (READ) — the brackets make it obvious to a future admin that this is a read-only review identity, not a permanent integration.
  • Supported account types: Accounts in this organizational directory only (Single tenant). Do not pick a multi-tenant option — the scanner doesn't need it and the tighter scope is safer.
  • Redirect URI: leave the dropdown on Web and leave the URL field empty. The scanner uses the client-credentials OAuth flow, which never redirects a browser.

Click Register. Azure provisions the app and lands you on its Overview page.

[Screenshot: "Register an application" form with Single tenant selected and no redirect URI]

4Copy the Tenant ID and Client ID

On the new app's Overview page, find the Essentials box near the top.

  • Copy Application (client) ID — this is what the form labels Client ID. Save it as Amplio BC Review — client ID.
  • Copy Directory (tenant) ID — this is what the form labels Tenant ID. Save it as Amplio BC Review — tenant ID.

Both are UUIDs in the form 11111111-2222-3333-4444-555555555555 — 36 characters including the hyphens.

[Screenshot: App registration Overview page with Application (client) ID and Directory (tenant) ID highlighted]

5Add the Business Central API permissions

In the left-hand nav of the App registration, click API permissions, then + Add a permission. A blade slides in from the right.

  1. On the Microsoft APIs tab, click Dynamics 365 Business Central. If you don't see the tile, type Business Central into the search box.
  2. Choose Application permissions (not Delegated permissions). Application = the app acts as itself with no signed-in user, which is what the client-credentials flow needs.
  3. Tick the following scopes (search for each in the long list, then expand the matching group):
    • Financials.ReadWrite.All — required. If your tenant exposes a read-only Financials.Read.All scope, prefer that — the Amplio scanner only ever reads.
    • app_access — required so BC will accept the app at all.
    • Customer.Read.All — if exposed as a discrete scope in your tenant.
    • Item.Read.All — if exposed as a discrete scope in your tenant.
    Why ReadWrite when we only read? The official BC API in many tenants ships only the broader Financials.ReadWrite.All scope — there is no read-only equivalent published yet. Amplio's scan code is read-only by design and never calls a write endpoint. The wider permission is granted to the App Registration; it is not granted to Amplio.
  4. Click Add permissions at the bottom of the blade.
[Screenshot: "Request API permissions" blade with Dynamics 365 Business Central → Application permissions → Financials.ReadWrite.All ticked]

6Grant admin consent

Back on the API permissions page, click Grant admin consent for <your directory> at the top of the list, and confirm the prompt. The Status column for every Business Central permission must change to a green tick that reads Granted for <directory>.

Button greyed out? You're signed in as a user without the right admin role. Send the App registration's URL to a Global Administrator and ask them to click Grant admin consent. They don't need to do anything else — you can carry on from step 7 once they confirm.
[Screenshot: API permissions page with the green "Granted for <directory>" tick on each Business Central permission]

7Create the client secret

In the left-hand nav of the App registration, click Certificates & secrets. On the Client secrets tab, click + New client secret.

  • Description: Amplio Free BC Review
  • Expires: choose 90 days — the shortest preset that comfortably covers the scan plus the follow-up review call. Do not choose Never: long-lived secrets are a permanent audit liability.

Click Add. Azure displays the new secret in the table.

Copy the secret value immediately. The Value column shows the secret in full for one short window only. Click the copy icon at the right of the row and paste it into your password manager. Once you navigate away from this page Azure will never show the value again — it will only show the masked first four characters.

If you accidentally close the page before copying it, don't panic: click + New client secret again, name it Amplio Free BC Review (retry), copy that one instead, then delete the first secret.

[Screenshot: Client secrets tab with the Value column highlighted and the copy icon circled]

Side B — Business Central

8Find your BC environment name

Open https://businesscentral.dynamics.com in a new tab and sign in. In the top-right corner of the BC home page, the Environment selector shows the active environment — typically Production or a sandbox name like Sandbox, SANDBOX-UAT, TEST, etc.

The environment name is the second path segment in your BC URL, e.g.:

https://businesscentral.dynamics.com/<tenantId>/Production?company=…

Copy whatever sits in that second path segment — that's the value to paste into the form.

Not sure which to pick? If you have only one BC environment, use it. If you have several, pick the one whose data is closest to live: Production is best; a UAT sandbox is fine if Production is locked down. Amplio reviews the environment you name — not all of them.
[Screenshot: BC home page with the environment selector visible top-right]

9Paste the four values into the form

You should now have four values in your password manager:

  • Tenant ID — UUID, from step 4 (the Directory (tenant) ID).
  • Client ID — UUID, from step 4 (the Application (client) ID).
  • Client Secret — long random string, from step 7. Treat it like a password.
  • BC Environment name — short word, from step 8.

Return to the Free BC Review form, paste each value into the matching field, and submit. Amplio will email a branded PDF report inside one business day.

Back to the form Download a printable .docx copy

Stuck?

Email reviews@ampliosolutions.co.uk with a screenshot of the step you are stuck on. We reply within one working day.