web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Import users fails wit...
Finance | Project Operations, Human Resources, ...
Answered

Import users fails with "Authorization Required" even with System Administrator role in DevBox

(3) ShareShare
ReportReport
Posted on by Raed Bzour 188

Hi everyone,

I'm working on a Cloud-Hosted DevBox (Tier 1) environment and I'm having an issue with the Import users functionality.

Problem:
When I click Import users in:
System administration > Users > Users

I get "Authorization Required" error immediately — even though I am logged in as System Administrator.

 

What I understand is import users communicates with Azure AD outside of D365 and being System Administrator in D365 is not enough

Questions:


  1. What exact Azure AD permissions are needed to enable Import users?

  2. How to correctly configure the Azure AD app registration for a DevBox environment?

  3. Is there a workaround to import users without Azure AD Global Admin access?
 
Thanks in advance.
 
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Raed Bzour Profile Picture
    Raed Bzour 188 on at

    hint: there are users, but I hid them
  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 304,713 Super User 2026 Season 1 on at
    Hi Raed,

    This is a known situation in the CHE environments. By default for security reasons the connection between the environment and Entra ID is not enabled. You can do this yourself.

    Note that apart from importing the users, you can create the users manually. That will work as well. 

    To enable the import option, follow the steps in the next blog: Unable to import users in Cloud Hosted Environment – JohanPersson.nu
  • Suggested answer
    11manish Profile Picture
    11manish 694 on at
    The Import Users feature depends on Azure AD directory access, not D365 roles.
    • Required permission: Directory Readers (Entra ID role)
    • App registration setup: Not required in DevBox (already handled by platform)
    • Workaround without Global Admin:
      • Assign Directory Readers role to your user
  • Raed Bzour Profile Picture
    Raed Bzour 188 on at
    Hi André ,
     
    Thank you for your response. I followed the steps for manually creating a new user — I filled in the same data as Azure AD, assigned a person, added the Tenant ID in the provider field, and assigned the System Administrator role.
     
    However, the user still cannot log in and gets the "not authorized" error.

    I also noticed that the Telemetry ID is showing as {00000000-0000-0000-0000-000000000000}, which I believe indicates the user is not properly linked to Entra ID.

    Do you have any suggestions on how to resolve this?

    Thank you.
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 304,713 Super User 2026 Season 1 on at
    Hi Raed,

    Is this a user account in your tenant or is it an external user?
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 304,713 Super User 2026 Season 1 on at
    @11manish, Are you aware that this question is about Dynamics 365 F&O?
  • Raed Bzour Profile Picture
    Raed Bzour 188 on at
    Hi Andre,
    This is an internal user account within our tenant.
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 304,713 Super User 2026 Season 1 on at
    When there is no typo in the email address and the provider field has the default value, the telemetry ID should be recognized.
    Try to see if the steps provided in the above shared blog from Johan may solve this issue. 
  • Suggested answer
    Raed Bzour Profile Picture
    Raed Bzour 188 on at
    To solve the issue of manually inserting a user that exists in the tenant, first try to insert the user normally using the correct email address and try to log in.
     
    If the login fails, use SSMS to find the record of the user you inserted and check the Object ID — in my case it was all zeros {00000000-0000-0000-0000-000000000000}, which is why the login was failing.
     

    To solve this, go to the Azure Portal under Azure Active Directory → Users, get the Object ID for your user, then manually update the Object ID in the database. After that, you will find that the Telemetry ID will automatically be set to the Object ID and the user will be able to log in successfully.

    This is how the manual user creation works.

    I also found that this approach is easier than following the blog and granting the user permission to import users.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Giorgio Bonacorsi Profile Picture

Giorgio Bonacorsi 608

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 591 Super User 2026 Season 1

#3
CP04-islander Profile Picture

CP04-islander 430

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP
License usage reporting (in-app and PPAC) with Entra dynamic groups

Product updates

Dynamics 365 release plans