Business Scenario: CliffsNotes is a fictional company getting ready for its Business As Usual (BAU) processes as the production go-live for D365 Finance and Operations is scheduled for next week. However, looking at the number of entries of joiners and movers in the organization as well as the proper segregation of duties of each department an organization is looking at more control and a RBAC-driven solution in D365 Finance and Operations to manage the security roles.
Solution: A feature called Active directory security group can be leveraged as it allows AZURE AD groups driven access to a respective department.
Security should be top of mind for every D365 Finance and Operations Administrator. One of the best parts of this feature is a one-time setup and the remaining steps can be executed by the Administrator in a well-controlled manner through the Azure portal.
To my mind, this is an underdiscussed or perhaps underutilized feature. Consultants are often familiar with normal processes, such as adding users to D365 FOs and directly assigning security roles.
In this blog post, I am going to describe step by step approach to enabling the Azure AD group functionality.
Before we deep dive into Azure AD groups feature in Dynamics 365 Finance and Operations, first understand
What is the Azure AD group? An Azure AD group helps Administrators organize users making it easier to manage permissions. These groups let the resource owner, add a set of users to groups or assign a set of access permissions to all the members of the group.
Azure AD groups support two unique types
A. Security: The purpose of this type of group is to manage member resources for a group of users. E.g., You can create a security group for a specific security policy.
B. Microsoft 365: This type of group allows collaboration options by giving members access to apps such as Outlook, files, etc. Also, you add people outside of your organization access to the groups.
Prerequisite: A configuration key "Active Directory security group" is required to be enabled
Here is a step-by-step explanation
• Add a new user with the Azure portal • Create new Azure Active directory group with the Azure portal
• Select newly created Azure Active Directory groups
• Navigate to left pane and select Member option and then click on Add member
• Navigate to System administration > Users > Groups
• Click on Import groups option
• Select Azure Active Directory security, groups
• Click on “Import Groups” button
Note: Please enter unique ID for Azure directory group
• Click on Assign roles
• Select the appropriate roles to assign to Azure groups that were imported earlier
• Click on OK
Note: Please ensure that the user has already been imported into the D365 Finance & Operations environment without any security roles assigned
And that's it, Isn't cool 😎
By following the above step-by-step guide, you will be able to manage user role assignment in a controlled manner and provide end-to-end role traceability for Administrator personas.
Thank you for Reading - Let's Connect!