User Management in Dynamics 365 CE Online - Part 3

User Management in Online instance

Enable users

  1. To enable a user, assign a license to the user and add a user to the security group that is associated with an instance of Customer Engagement apps. 
  2. If a disabled user needs to be enabled, a new invitation must be sent for the user to access the system.

Disable users

  1. To disable a user, 
  • Remove a license from the user or 
  • Remove the user from the security group that is associated with an instance of Customer Engagement apps. 

Note

  1. Removing a user from the security group doesn’t remove the user’s license. 
  2. If the same license needs to be available to another user,  the license must first be removed from the disabled user.

Important

  1. Removing all security roles from the user prevents the user from signing into and accessing Customer Engagement apps. However, it doesn’t remove the license from the user and the user remains in the list of the enabled users in Customer Engagement apps. 
  2. Removing security roles from a user isn’t a recommended method of removing access to Customer Engagement apps.
  3. When using a security group to manage enabling or disabling users or provisioning access to a Dynamics 365 org, nested security groups within a selected security group are not supported and ignored.
  4. One must be a member of an appropriate administrator role to do these tasks. 

Enable a user by assigning a license to the user and adding a user to the security group

  1. Browse to the Microsoft 365 admin center and sign in.
  2. Click Users > Active users and select the user.
  3. Under Product licenses, click Edit.
  4. Turn on a Dynamics 365 for Customer Engagement apps license, and then click Save > Close.
  5. In the Microsoft 365 admin center, click Groups > Groups.
  6. Choose the security group that is associated with the Customer Engagement apps organization.
  7. Under Members, click Edit, and then Add members. Select from the list of users with Office 365 licenses or use Search to find users.
  8. Select the users to add to the security group, and then click Save > Close multiple times.

Disable a user by removing a license from the user

  1. In the Microsoft 365 admin center, click Users > Active Users and select a user.
  2. In the right-side menu, under Product licenses, click Edit.
  3. Turn off the "Dynamics 365 for Customer Engagement apps"  license, and then click Save > Close.

Disable a user by removing the user from the security group that is associated with an instance of Dynamics 365 for Customer Engagement apps (online)
  1. In the Microsoft 365 admin center, click Groups > Groups.
  2. Choose the security group that is associated with the Customer Engagement apps organization.
  3. In the right-side menu, under Members, click Edit.
  4. Click Remove members, and then the select users to remove from the security group.
  5. Click Save > Close multiple times.

 Delete users in the Microsoft 365 admin center

  1. Users can also be deleted in the Microsoft 365 admin center. 
  2. When a user is removed from the subscription, the license assigned to that user automatically becomes available to be assigned to a different user. 
  3. If the disabled user still needs to have access to other applications in Office 365, for example Microsoft Exchange Online or SharePoint, don't delete them as a user. Instead, simply remove the Dynamics 365 for Customer Engagement apps license.

Sign On Process

  1. Signing out of the Microsoft 365 admin center doesn't sign you out of Customer Engagement apps. It has to be done separately.

Types of User Account

1. Create a Read-Write user account

Read-Write Account:

  1. By default all licensed users are created with an access mode of Read-Write. This access mode provides full access rights to the user based on the security privileges that are assigned. 

Steps:

To update the access mode of a user:
  1. Go to Customer Engagement apps.
  2. Go to Settings > Security.
  3. Choose Users > Enabled Users, and then click a user’s full name.
  4. In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Read-Write.
  5. Click the Save icon

2. Create an Administrative user account

Administrative user account

  1. An Administrative user is a user who has access to the Settings and Administration features but has no access to any of the customer engagement functionality. 
  2. It is used to allow customers to assign administrative users to perform day-to-day maintenance functions (create user accounts, manage security roles, etc). 
  3. Since the administrative user does not have access to customer data and any of the customer engagement functionalities, it does not require a Dynamics 365 for Customer Engagement apps (online) license (after setup).
  4. One needs to have the System Administrator security role or equivalent permissions in Dynamics 365 for Customer Engagement apps to create an administrative user. 
  5. First, create a user account in Office 365 and then in Dynamics 365 for Customer Engagement apps (online), select the Administrative access mode for the account.

Steps:

  1. Create a user account in the Microsoft 365 admin center.
  2. Be sure to assign a Customer Engagement apps license to the account.  License needs to be  removed (step 6) once the Administrative access mode is assigned.
  3. Go to Customer Engagement apps.
  4. Go to Settings > Security.
  5. Choose Users > Enabled Users, and then click a user’s full name.
  6. In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Administrative.
  7. Remove the Customer Engagement apps license from the account.
  8. Go to the Microsoft 365 admin center.
  9. Click Users > Active Users.
  10. Choose the Administrative user account and under Product licenses, click Edit.
  11. Turn off the Customer Engagement apps license, and then click Save > Close multiple times.

3. Create a non-interactive user account

Non-interactive user account

  1. The non-interactive user is not a ‘user’ in the typical sense – it is not a person but an access mode that is created with a user account. 
  2. It is used for programmatic access to and from Dynamics 365 for Customer Engagement apps between applications. 
  3. A non-interactive user account lets these applications or tools, such as a Dynamics 365 for Customer Engagement apps to ERP connector, authenticate and access Dynamics 365 for Customer Engagement apps (online), without requiring a Dynamics 365 for Customer Engagement apps (online) license. 
  4. For each instance of Dynamics 365 for Customer Engagement apps (online), max 5 non-interactive user accounts can be created.
  5. One needs to have the System Administrator security role or equivalent permissions in Dynamics 365 for Customer Engagement apps to create a non-interactive user. 
  6. First, create a user account in Office 365 and then in Dynamics 365 for Customer Engagement apps, select the non-interactive access mode for the account.

Steps

  1. Create a user account in the Microsoft 365 admin center.
  2. Be sure to assign a Customer Engagement apps license to the account.
  3. Go to Customer Engagement apps.
  4. Go to Settings > Security.
  5. Choose Users > Enabled Users, and then click a user’s full name.
  6. In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Non-interactive.
  7. Remove the Customer Engagement apps license from the account.
  8. Go to the Microsoft 365 admin center.
  9. Click Users > Active Users.
  10. Choose the non-interactive user account and under Product licenses, click Edit.
  11. Turn off the Customer Engagement apps license, and then click Save > Close multiple times.
  12. Go back to Customer Engagement apps and confirm that the non-interactive user account Access Mode is still set for Non-interactive.

4. Create an application user

  1. Server-to-server (S2S) authentication is used to securely and seamlessly communicate Dynamics 365 (online) with the web applications and services. 
  2. S2S authentication is the common way that apps registered on Microsoft AppSource use to access the Dynamics 365 (online), version 8.2 data of their subscribers. 
  3. All operations performed by the application or service using S2S will be performed as the application user you provide rather than as the user who is accessing your application.
  4. All application users are created with a non-interactive user account, however they are not counted towards the five non-interactive user accounts limit. In addition, there is no limit on how many application users you can create in an instance.

Application user

How stub users are created

  1. A stub user is a user record that has been created as a placeholder. 
  2. For example, records have been imported that refer to this user but the user does not exist in Dynamics 365 for Customer Engagement apps (online). 
  3. This user cannot log in, cannot be enabled, and cannot be synchronized to Office 365. 
  4. This type of user can only be created through data import.
  5. A default security role is automatically assigned to these imported users. 
  6. The Salesperson security role is assigned in a Dynamics 365 for Customer Engagement instance and the Common Data Service User security role is assigned in a PowerApps environment.

User Management in on-premises instance

  1. With Microsoft Dynamics 365 (on-premises), users can be added to the organization one at a time, or add multiple users at the same time by using the Add Users wizard.

Add a user

  1. Go to Settings > Security.
  2. Choose Users.
  3. On the toolbar, choose New.
  4. On the New User page, in the Account Information section, specify the User Name for the user.
  5. In the User Information section, specify the Full Name for the user.
  6. In the Organization Information section, verify the Business Unit for the user.
  7. Follow the below step for the task:
  8. To save the information for the new user, choose Save.
  9. To save the information for the user and add another user, choose Save & New.
  10. To add another user without saving the information you entered for the user, choose New, and then in the Message from web-page dialog box, choose OK.
  11. Next, you’ll need to assign a security role to the newly added user. 

Add multiple users

Multiple user records can be added for the same set of security roles by using the Add Users wizard. Any users that needs to be added must be in the Active Directory directory service.
  1. Go to Settings > Security.
  2. Choose Users.
  3. On the toolbar, choose New Multiple Users.
  4. The Add Users wizard opens.
  5. On the Select Security Roles page, select one or more security roles, and then choose Next.
  6. On the Select Access and License Type page, under Access Type, select the appropriate access type for this set of users.
  7. Under License Type, specify the license type for this set of users.
  8. Under Email Access Configuration, specify how this set of users will access incoming and outgoing email messages, and then choose Next.
  9. On the Select Domain or Group page, specify to select users from all trusted domains and groups or users from a particular domain or group, and then choose Next.
  10. On the Select Users page, type a part of the name of user you want to add to Microsoft Dynamics 365. Use semi-colons between names.
  11. Choose Create New Users.
  12. On the Summary page, review the information about the user additions, and then follow the step for the task you are performing:
  13. To close the Add Users wizard, choose Close.
  14. If you need to add more users, for example with a different set of security roles, choose Add More Users to begin the wizard again.
 Note
  1. To edit a specific user record, close the wizard, and then open the user record from the list.

Assign a security role to a user

After you create users, you must assign security roles for them to use Microsoft Dynamics 365. Even if a user is a member of a team with its own security privileges, the user won’t be able to see some data and may experience other problems when trying to use the system. More information: Security roles and privileges

  1. Go to Settings > Security.
  2. Choose Users.
  3. In the list, select the user or users that you want to assign a security role to.
  4. Choose More Commands (...) > Manage Roles.
  5. Only the security roles available for that user's business unit are displayed.
  6. In the Manage User Roles dialog box, select the security role or roles you want for the user or users, and then choose OK.

Enable a user

  1. Go to Settings > Security.
  2. Select Users.
  3. Select the down arrow next to Enabled Users, and then choose Disabled Users.
  4. Select the check-mark next to the user you want to enable, and on the Actions toolbar, select Enable.
  5. In the Confirm User Activation message, select Activate.

Disable a user

  1. Go to Settings > Security.
  2. Choose Users.
  3. In the Enabled Users view, select the check-mark next to the user you want to disable.
  4. On the Actions toolbar, select Disable.
  5. In the Confirm User Record Deactivation message, select Deactivate.

Update a user record to reflect changes in Active Directory

When you create a new user or update an existing user in Microsoft Dynamics 365 (on-premises), some fields in the Dynamics 365 user records, such as the name and phone number, are populated with the information obtained from Active Directory Domain Services (AD DS). After the user record is created in Dynamics 365, there is no further synchronization between Active Directory user accounts and Dynamics 365 user records. If you make changes to the Active Directory user account, you must manually edit the Dynamics 365 user record to reflect the changes.

  1. Go to Settings > Security.
  2. Choose Users.
  3. In the list, select the user you want to update, and then choose Edit.



Comments

Popular posts from this blog

Microsoft 365 Cloud Offerings - Subscription & Licenses - Part 1

Dynamics 365 - Uninstall CDS Solution from CRM Instance - Create Invoice Button Missing on Order Form

Common Data Service - Data Integration - Configuring Prospect to Cash - Part 4