Working with Azure Active Directory (AAD) Groups in Dynamics Customer Engagement

July 6, 2019

In Dynamics 365 online, along with the ‘Owner’ and ‘Access’ types, the following team types have been introduced in ‘Teams’.

  • AAD Security Group
  • AAD Office Group

With these new ‘Team Types’, records in Dynamics 365 can be owned by AAD Groups.

Let’s understand what an Azure Active Directory (AAD) group is and why it matters to make an AAD group the owner of a Dynamics record.

  • The administrator can create Azure AD group teams that are associated with the Azure AD groups in each of the Customer Engagement environments, and assign a security role to these group teams.
  • When members of these group teams access these environments, their access rights are automatically granted based on the group team’s security role.

Create AAD Group:

  • Make sure you have an Office 365 account (you can subscribe to a 30-day trial).
  • Connect to the Microsoft 365 Admin Center using your Office 365 credentials.
  • Create Users and assign them the ‘Dynamics 365 Customer Engagement Plan’ license.

  • Now connect to the Azure Active Directory Portal.
  • Create a new Group of type ‘Office’ and add the Users.
  • Copy the ‘Object ID’, which we need in the next steps.

Create Team of type ‘AAD Office Group’:

  • Connect to the Dynamics instance.
  • Navigate to Settings -> Security -> Teams -> New
  • Select ‘Team Type’ as ‘AAD Office Group’ and paste the AAD Group ‘Object ID’ copied in the section above.
  • Save and assign a role.

Access the Dynamics as ‘AAD Group’ Team Member:

As we created an AAD Group and a Team in the Dynamics App with the ‘Sales Manager’ security role, it’s time for ‘Test User 1’ to access the Dynamics Application.

  • Log in to the Dynamics Application as ‘Test User 1’.
  • Post login, the Dynamics App greeted me with a ‘You need a Microsoft Dynamics 365 security role to continue’ message.

  • From the message, it’s clear that the Dynamics App is expecting ‘Test User 1’ to have a User-level security role and is not honoring the security role of the Team he is a member of.
  • We can resolve this issue by assigning the ‘Sales Manager’ role to ‘Test User 1’, but that means we have to on-board every User of the AAD group by assigning them an individual security role.
  • Instead, we can let ‘Test User 1’ access the application without assigning an individual role, thanks to the ‘Member’s privilege inheritance’ feature introduced in ‘Security Role’.

‘Member’s privilege inheritance’ in Security Role:

  • Navigate to ‘Settings -> Security -> Security Roles’
  • Open the ‘Sales Manager’ security role.
  • Change ‘Member’s Privilege Inheritance’ to ‘Direct User (Basic) access level and Team privileges’ and Save.

  • Refresh the Dynamics application; ‘Test User 1’ can now access the records and the application.

  • Setting ‘Member’s Privilege Inheritance’ to ‘Direct User (Basic) access level and Team privileges’ makes the ‘Sales Manager’ role act as both a User role and a Team role.
  • This feature eliminates the need for the AAD Admin to assign User-level roles to individual group members.
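
Because this setting lets AAD group membership alone grant access, it is worth listing which group teams use it. The script below is an added example, not part of the original post: it audits a constructed list of teams shaped like a Web API response. The field names (`teamtype`, `azureactivedirectoryobjectid`, `teamroles_association`, `isinherited`) and their numeric values are assumptions about the team and role entities, and all team names and GUIDs are made up.

```javascript
// Added example, not from the original post. Entity and field names are assumptions
// about the Dataverse Web API: team.teamtype, team.azureactivedirectoryobjectid,
// team.teamroles_association and role.isinherited.
const TEAM_TYPE = { 0: "Owner", 1: "Access", 2: "AAD Security Group", 3: "AAD Office Group" };

// Constructed sample, shaped like the "value" array returned for a teams query
// that expands teamroles_association. Names and GUIDs are made up.
const sampleTeams = [
  { name: "Sales AAD Team", teamtype: 3,
    azureactivedirectoryobjectid: "00000000-0000-0000-0000-000000000001",
    teamroles_association: [{ name: "Sales Manager", isinherited: 1 }] },
  { name: "Support AAD Team", teamtype: 2,
    azureactivedirectoryobjectid: "00000000-0000-0000-0000-000000000002",
    teamroles_association: [{ name: "Customer Service Rep", isinherited: 0 }] },
  { name: "Unconfigured AAD Team", teamtype: 2,
    azureactivedirectoryobjectid: "00000000-0000-0000-0000-000000000003",
    teamroles_association: [] },
  { name: "Regional Owners", teamtype: 0, azureactivedirectoryobjectid: null,
    teamroles_association: [{ name: "Salesperson", isinherited: 1 }] },
];

// Returns one finding per (AAD group team, role). membershipGrantsAccess is true when
// the role uses "Direct User (Basic) access level and Team privileges" (isinherited = 1),
// i.e. being added to the AAD group is enough to use the application.
function auditAadGroupTeams(teams) {
  const findings = [];
  for (const team of teams) {
    if (team.teamtype !== 2 && team.teamtype !== 3) continue; // skip Owner/Access teams
    const base = { team: team.name, type: TEAM_TYPE[team.teamtype],
                   groupObjectId: team.azureactivedirectoryobjectid };
    const roles = team.teamroles_association || [];
    if (roles.length === 0) {
      findings.push({ ...base, role: null, membershipGrantsAccess: false });
    }
    for (const role of roles) {
      findings.push({ ...base, role: role.name, membershipGrantsAccess: role.isinherited === 1 });
    }
  }
  return findings;
}

// AAD group Object IDs whose membership changes deserve review in Azure AD.
function groupsToMonitor(teams) {
  return auditAadGroupTeams(teams).filter(f => f.membershipGrantsAccess).map(f => f.groupObjectId);
}

console.log(auditAadGroupTeams(sampleTeams));
console.log(groupsToMonitor(sampleTeams));
```

For the groups this returns, adding a user to the group in Azure AD is the access decision, so membership changes to those groups are what to review.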

Assign Records to ‘AAD Group’ Teams:

  • We can assign records to ‘AAD Group’ Teams in the same way as to ‘Owner’ Teams.

🙂

 

 
