Create Azure Active Directory application for HeyLoyalty

Azure Active Directory (AAD) application1 is needed to ensure HeyLoyalty can update data in Business Central (BC). To create one along with the set of credentials, follow the steps provided below.


  • Make sure the actions are performed by a user that is both an Azure Active Directory administrator and a BC administrator. These steps require you to grant the administrator access to certain parts of your Azure Active Directory. You should therefore be an administrator in your tenant or get your administrator to perform these steps.
  • This procedure can only be used when your BC tenant is registered with Azure Active Directory as the login method. If you are using Microsoft’s SaaS this will already be the case.


  1. In BC click the Lightbulb button, search for the HeyLoyalty Integration Setup page and open it.
Cannot find the page? HeyLoyalty integration feature is not enabled by default. To enable it, navigate to NaviPartner Feature Management page, and make sure there is a checkmark in field Enabled on the HeyLoyalty Integration line. Do not forget to log into to the system again after enabling the integration.
  1. In the page’s menu ribbon select Actions > Initial Setup > Azure Active Directory OAuth, and click Create Azure AD App.
    A pop-up window is displayed.

Granting permissions to NP Retail - Azure AD Application Management App

  1. Grant permission to the NP Retail - Azure AD Application Management App.
    This app allows the code to create the Azure Active Directory application for the HeyLoyalty integration.

  2. Make sure that the consent screen identifies the application as being verified with “Navi Partner København ApS” as Microsoft Partner.

  3. On the Permission Requested page select Consent on behalf of your organization.

  4. When asked if you want to create a user, click Yes.

  5. When asked if you want to grand admin consent, click Yes.
    If there is an issue granting consent (e.g. a pop-up didn’t open), you’ll be able to do it later.

    As soon as the Azure Active Directory application is created, the information will be displayed on the screen.

  6. Make sure to copy the client secret that is shown in the message box to a safe place.
    It will not be visible after the box is closed. Azure AD application details

  7. In BC click the Lightbulb button, search for “aad” and open the Azure Active Directory Applications page.

  8. Find the newly created application (it’ll have “HeyLoyalty” in its name), and open the card by clicking Client ID.

  9. On the Azure Active Directory Application Card, click Grant Consent to allow the newly created application access to the Business Central API.

  1. To interact with the web services (APIs) of Business Central, the external party (HeyLoyalty) needs to use the OAuth 2 protocol to gain an access token. When working with two services interacting with one another, the client needs to use the client credentials flow. The credentials for the client credentials flow are obtained through an Azure Active Directory application. ↩︎