Azure guest accounts in CDS/Dyn365

Azure guest accounts in CDS/Dyn365

Azure Active Directory (AAD) has a feature where it allows users of foreign tennants to be granted access to the current tennant. In other word, if you are running contoso.com and a user of northwind.com would like to have access, you can add this user as a guest account in Azure. However, I have found that giving this user access to Dynamics is not fully straight forward, although, it is far from rocket science. In this article I will show how this is done.

Do note that I have heard from people in the product team that there are features of the powerplatfor that cannot currently be accessed using a guest account, I think it was Canvas Apps and Flow. I will have to try this out and get back to you (or someone else could! – I would appreciate a link back to this article) in a later article. I also do think that they are workin on this.

On a high level, what we need to do is:

  1. Add user in AAD
  2. Grant License
  3. Wait for the user to pop up in CDS/Dynamics
  4. Assign a security role in CDS/Dynamics

To start with, we need to go to the Azure Portal: https://portal.azure.com – and click on the AAD menu item on the left.

 

 

Browse to portal.azure.com -> click Azure Active Directory (AAD) -> Click Users

Click “New guest user”

Enter the email address of the user, and perhaps some nice personal email message showing you are not some evil spammer!

Then go to portal.office.com and you will now be able to see the new guest user in here.

Select the guest user and click “Edit product licenses” – Note, I have not been able to set licenses directly by opening the user, only this way.

Assign the license required, P2 or Dynamics Customer Engagement App or Plan – in the example above, a Dyn365CE Plan 1 (trial)

After you have assigned the guest user a license, you have to wait a while until the asynchronous service in O365 provisions the user in the CDS. This often is rather quick, but sometimes takes more time. When I was making this, it took more than 15 minutes.

To find the user in CDS/Dyn365 go to Settings and click on Security. (Old UI)

And then click on “Users” in the Security area.

This is how a guest user look like in Dynamics 365/CDS. It has a # sign in front of it. As you can see, I have another one with my name previously created.

The last thing that has to be done is to grant the guest user the correct role.

After this, just give the user the direct URL to the system and they should be able to log in with their normal users.

This is a very useful method to use when setting up trials for someone as they do not have to sign in with another account to access they system. I strongly recommend it.

As mentioned in the beginning of this article, there might still be some issues with using canvas apps and Flow using guest users, so do be aware that not all features could be available.

 

New default Access Mode in Dynamics CRM Online

New default Access Mode in Dynamics CRM Online

As some of you might have noticed when setting up a new Dynamics CRM Online 2015, for instance a 30 day trial, which can be done on this link, you will now see a much more limited view than before.

This is due to the fact that the default Access mode of the user that is created when the CRM instance is set up to “Administrative” not “Read-Write” as it used to be. The point of this is that it is not to use a license unless necessary.

To change it, go to the new location of user in Settings->Security->Users

The first thing we have to do is to assign a license to the user from the O365 portal. So click the link in the top information part of the user form to navigate there directly.

This will take you to the O365 provisioning, where you can assign a CRM license to your user.

Sorry, this is in Swedish, I tried provisioning Everything in English but the stripes don’t seem to go out…

To edit the licenses for the selected user, click “Edit” in the pane on the right hand side.

Still in Swedish, it says, “Select License, choose location in the dropdown”

When you have pressed edit, you are able to edit the licenses for the user, select an appropriate location, and click in the box for Dynamics CRM and press save. Now go back to the user form in CRM, it should be on Another tab.

Scroll to the bottom of the user form and expand the “Administration” tab by clicking on it.

You will now see the Access Mode selector and see that it has been set to “Administrative”.

Change it to “Read-Write”.

If you do not assign a license in the O365 portal, you will see this error in CRM when trying to change the Access Mode.

Remember, that the sitemap has to be reloaded, so press F5 to reload CRM, and as you can see, Everything is turned on now.

Anybody notice that Microsoft might need to do something about the sampledata? 🙂
 

Good luck!

Gustaf Westerlund
MVP, CEO and owner at CRM-konsulterna AB
www.crmkonsulterna.se