web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Manage access to envir...
Small and medium business | Business Central, N...
Suggested Answer

Manage access to environments using Azure Active Directory groups

(0) ShareShare
ReportReport
Posted on by NWard 9

Hello,

We have multiple instances of BC SAAS environments and this new feature which as released in the 2021 Wave 2 release is very welcome.  However, it does not seem to work, I created an individual AAD security group for each environment and assigned it in the Admin Centre.  I then went through the process of updating users from O365 and it added all users with an assigned license which is not what I expected, I was expecting just to see members of the AAD security group.  I even tried using a group with no members as demonstrated but again still received all users from AAD with a license assigned.

Has anybody else had the same problem?  

Thanks

Nick

Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    I am not able to reproduce the scenario. The user that I added to the security group can access admin center but does not show up as a BC user because it is an unlicensed user.

    Thanks.

  • NWard Profile Picture
    NWard 9 on at

    Hello

    My assumption is that when I assign a security group to an environment only the users in this group will be imported to that system when I select 'Update Users from Microsoft 365' .   I found that all users in our AD with a BC license are imported which is not what expected?

    Have I misunderstood the use of security groups?

    Nick

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    Yes, if the users have a BC licence, they will be imported if you process them in BC. The security group is only to allow a group of members that have specific admin role to be able to connect to the Admin portal and do their required work there.

    Thanks.

  • Suggested answer
    NWard Profile Picture
    NWard 9 on at

    OK, thanks for the clarification.  I re-read the release notes and it makes sense now.

    We will have a number of tenants and it would have been great if this had worked as I originally thought.  I just went through the ideas site and found this has already been raised and is planned for a future release.

    https://experience.dynamics.com/ideas/idea/?ideaid=fe9c34a3-c033-eb11-8441-0003ff68e4a1#

    Nick

  • NWard Profile Picture
    NWard 9 on at

    Hello again,

    I watched the release presentation (again) and in this presentation by Dmitry Chadayev sounds to me that this should work as I originally thought with only those users in the group imported as users into BC.

    What's New for Business Central Administrators

    The bit on security groups is 10:35 into the presentation.

    Nick

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at

    Hello,


    I just tried it out myself on a new tenant. Repro:

    1. create two new sandboxes (v19.0)

    2. create two security group and add a few members to these new security groups

    3. logon to one of the BC tenants

    4. process new user (all users are added despite to what SG they were added to)

    5. try to logon to a BC tenant with a user that is not assigned to the SG that has access to the resource

    Result:

    We do not recognize you. Did you enter your credentials correctly?
    You do not have access to this environment. You must be a member of a security group that is associated with the tenant. Please contact your system administrator.
    TECHNICAL DETAILS
    Date and Time: 2021-11-08T09:17:07.327Z
    AAD tenant ID: <<removed>>
    Operation ID: 435dd6de-f198-47e7-b73d-a2e4be58cfa0
  • MikkelTange Profile Picture
    MikkelTange 40 on at

    Hi Nick

    Did you find any solution to this ?

    I find it annoying that all users with a license are imported into BC, even though they are not member of the assigned security group.

    BR
    Mikkel

  • Suggested answer
    Inge M. Bruvik Profile Picture
    Inge M. Bruvik 1,111 Moderator on at
    [quote user="MikkelTange"]

    Hi Nick

    Did you find any solution to this ?

    I find it annoying that all users with a license are imported into BC, even though they are not member of the assigned security group.

    BR
    Mikkel

    [/quote]

    MikkelTange 

    Hi,

    This is by design so you will always end up with all the licensed named users in BC.

    The security groups are just in play when it comes to access to the admin center.

  • MikkelTange Profile Picture
    MikkelTange 40 on at

    Thanks Inge - bad design :) but now I know why it looks like this.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,577

#2
YUN ZHU Profile Picture

YUN ZHU 888 Super User 2025 Season 2

#3
Jainam M. Kothari Profile Picture

Jainam M. Kothari 778 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans