Skip to content

Setup of the Sage 200 Native API - using Microsoft Azure Active Directory Tunnelling

  Less than to read

If you already use the 200 API via Sage ID and an externally facing web server, before following these steps access System Administration, choose the option for API, choose edit and untick the option for Enable API. This will turn off access via the previous method and allow you to follow the next steps.

Due to TLS/ Sage ID changes here, the Azure Active Directory Tunnelling method is supported in Sage 200 Professional Summer 2018 Remastered, 2020 R1 and above.

If you are looking to set up the Native API Tunnel with the same Office 365 tenant as used in a test environment, please follow the steps in this article to successfully move the Native API. You may come back here when you wish to reinstall the App Proxy Installer.

Onboarding with Microsoft 365 (video)

Prior to setting up the API, you must ensure you have carried out the required steps to onboard with Microsoft 365. You can read about this in the following Sage Knowledgebase guide or watch a video guide below.

Setup the Sage 200 Native API - using Microsoft Azure Active Directory Tunnelling (video)

The following video details the steps covered in this guide. We’d recommend watching the video first, and follow the steps in the guide below as you perform the set up.

Prerequisites for using the Sage 200 Native API

Before setting up the Sage 200 Native API, you must first ensure you have a supported Microsoft 365 licence. This guide, will take you through what is supported and how to check you have the right license before contacting us.

If you have purchased an Microsoft 365 license from Sage, you will have received a “getting started” email. To onboard this license, follow the steps in the email.


Note: A unique Microsoft 365 tenant must be used per customer otherwise any attempt to setup a second customer against the same [email protected] email address will result in an error AD Application Proxy - unknown error code - APISiteAlreadyExists.

To add an existing Microsoft 365 license to your Sage registration Confirm through this guide you have the supported license Email Business Partner Sales via [email protected] and ask for an existing Microsoft 365 registration to be added to your customers account. You will also need to the Sage 200 API registration is enabled on your license


CAUTION: Sage recommends when connecting your Microsoft 365 to Sage 200 that you use the [email protected] email address that is included with your tenant. If you do not have this email address, you can continue to connect Microsoft 365 using your account however there will be additional steps to ensure the API is enabled. These are detailed in the Set up the Native API section.

Once you have accepted the Microsoft agreement and the Sage Business Centre application permissions, you will be taken to the Sage Business Centre. This will indicate that the on boarding has been successful and you can now continue to install the Sage 200 Native API application.


Note: During the onboarding, you may receive an error that looks like this:Cannot setup your integration. We cannot setup your Sage 200 Accounts integration with Microsoft 365 because your Microsoft account does not include the required subscriptions. If you see this error, please follow this article to resolve.

Some activities involving Azure Active Directory can only be performed by users who have Global Administrator rights. Please refer to this article from Microsoft for further details about what is required.


CAUTION: Sage take no responsibility for information on external pages.

Connect Sage 200 to your Microsoft 365 account

Now you have activated your Microsoft 365 license and registered it with Sage, you will now need to install the Microsoft Azure Active Directory Proxy Connector on your Sage 200 server.


NOTE: Ensure you are logged in as a windows user who exists within Sage 200 and they are already attached to a role within Azure, otherwise there will likely be an error when accessing the API tab in System Administration. If you’re using Azure Virtual Desktop ensure that the Azure Active Directory Proxy Tunnel is installed within the session desktop into the Azure Environment.

This connects your Sage 200 server to the Azure Active Directory where authentication is done to allow you to “tunnel” in and out of your network securely.

The Microsoft Azure Active Directory Proxy Connector requires Microsoft Windows 8.1, Windows Server 2012 R2, or later versions of Windows.

  1. Download the Azure Application Proxy Installer.
  2. Extract the contents of the downloaded .zip.
  3. Run the AppProxyInstaller.exe.
  4. Click Install and Configure.


  5. This starts the Microsoft Azure Active Directory Proxy Connector installer. Click Install.


  6. You will be asked to sign into your Microsoft Azure account.
  7. Click Close when the Microsoft Azure Active Directory Proxy Connector setup is complete.
  8. You will be asked to sign into your Microsoft Azure account again.
  9. The installer will now populate with information for you to create your enterprise applications within Azure Active Directory.

TIP: The Windows user you are currently logged in as will automatically activate the API within system administrator and that email address will be used for the Azure ID for that user.

To set up the Native API

  1. Go to and sign in with your email address you’ve used in the installation.
  2. Select Enterprise applications.
  3. Select New application.
  4. Select On-premises application.
  5. Enter the details for the on-premises application.
  6. Copy and paste the Native Name to the Name Field and Native Internal URL to the Internal URL field from the Microsoft Azure Active Directory Proxy Connector installer
  7. Set Pre Authentication to Passthrough.
  8. Click Add to create the application.
  9. Once this has completed, you’ll see an overview of the application you have just created.

TIP: If you have gone through this process with an email address which is not admin@***, the API will not be automatically enabled. In System Administration on the API tab, the status will be set to PendingAuthorisation.

In this instance your Business Partner will have to contact Technical Support to enable your API registration with the following information:

  • The site name
  • The site URL
  • The email address used during the setup

If you have issues finding any of these, contact Sage 200 technical support first. (Both site name and site url can be found in Sage System Administration on the API tab.)

Once this has been enabled, you will receive an email confirming this has been done, and you can proceed to the next step.

If you need to set up the connection with a different administrator account, use Reconfigure to change the Microsoft 365 account the application is associated with.


NOTE: You must also enter the Microsoft 365 email address for each user account in Sage 200. See Set up user email addresses in Sage 200.

Set up user email addresses in Sage 200

To give a user access to the Sage 200 API they will require a valid Sage ID. The currently logged in user will also have Azure AD ticked and the Azure ID entered automatically in the API tab in System Administration.

  1. Open: System Administration.
  2. Select the Users list.
  3. Right-click the user and select Properties.
  4. Select the API tab.
  5. Enable Sage ID and enter the user’s Sage ID email address (this is to be used to authenticate with when using the API).
  6. Ensure the Sage ID created in step 4 can login successfully to the web page - ensuring the MySage terms and conditions have been accepted before proceeding

To test the API has been successfully configured

Once you’ve set the API up and installed the Native API proxy installer you can test to see whether the API successfully returns any information.

We have an API Test tool for you to use to confirm whether you can successfully return sites. The download and instructions can now be found in this article.

Now that the API is enabled successfully, you may wish to look at further documentation: