Finance | Project Operations, Human Resources, ...

What is the correct procedure to invite external user to access F&O

(0) Share

Report

Posted on by Voltes

596

Hello guys,

Can we invite external user (from another domain / different @xxxx.com) for temporary access to our D365 F&O ? and what is the correct procedure to do it ?

I have the same question (0)

All responses (9)

Answers (0)

Suggested answer

Mohit Rampal 12,565 Moderator on at

Like (0)

Report

Hi Voltes, Please check this article.

https://dynamicspedia.com/2022/09/how-to-correctly-setup-external-or-guest-users-in-dynamics-365-fo/

Was this reply helpful? Yes No
GirishS 27,827 Moderator on at

Like (0)

Report

Hi Voltes,

In addition to the below comments, you need to careful when importing external user - You need to decide what are all the forms the external user must see.

Create a custom security role - Add your required privileges. - Or use any standard security roles.

Assign role to the external user after importing external user.

Thanks,

Girish S.

Was this reply helpful? Yes No
André Arnaud de Cal... 301,194 Super User 2025 Season 2 on at

Like (0)

Report

Hi Voltes,

Mohit already shared my blog about the technical part of adding external users. Depending on the features the users should execute, you would need to have sufficient licenses to assign to external users as well.

Apart from adding a user, it would be recommended to have a security request logged, so you would be able to explain auditors who got access and why. You mentioned temporary access. Ensure you have a procedure to remove the user to prevent any abuse of the access privileges.

Was this reply helpful? Yes No
Suggested answer

Umesh Pandit 9,315 User Group Leader on at

Like (0)

Report

Hi Voltes,

If the Vendor/Partner is known and has Microsoft 365 ID or a G-Suite ID and prefers to use that, we invite you from Azure as a Guest user to our tenant. (This gives them SSO)

In many cases, I have also noticed that customers/clients create the respective ID like ext.umesh@customers.com or umesh.pandit@customers.com as they can Manage these IDs, Licenses, and security and data compliance.

Was this reply helpful? Yes No
Voltes 596 on at

Like (0)

Report

Hello all,

Thanks for the advice. I actually want to add some more information within this thread however seems this community new UI make some trouble so I cannot post fully.

So basically what I did so far, is "quite" similar to what described in Andre's blog or Umesh mentioned.

1. In Azure Portal - Users, Create new user by using Invite external user. At this point I have selected as Guest. For example my external user email is abc@xyz.com, so this is the email I'm key in. After created, I noticed in User Principal Name became : abc_xyz.com#EXT#@MyEnv.onmicrosoft.com (MyEnv.onmicrosoft.com is my environment)

2. In D365 F&O - Users, Import user and found the newly created AAD user. New user then created with userid is the user's first name and email is the original email abc@xyz.com. Worth to note as well, as mentioned by Andre, the Provider also correct which is https://sts.windows.net/xyz.com/

3. I am make sure it is enabled and give some role to this new user. The role given is my custom role while the default System user/Office integration power user and System user/Power automate administrator also visible in their profile.

However the user reported to me that they cannot access and having this error :

May I know what I'm missing ?

Thanks,

Was this reply helpful? Yes No
André Arnaud de Cal... 301,194 Super User 2025 Season 2 on at

Like (0)

Report

Hi Voltes,

Is the email of the external user a personal or an organizational account? Is his domain also a tenant on AzureAD?

Was this reply helpful? Yes No
Voltes 596 on at

Like (0)

Report

Hi Andre,

The email is organizational account but it is not a tenant of Azure AD.

Will that needs a different approach ?

Was this reply helpful? Yes No
Voltes 596 on at

Like (0)

Report

Hi Andre,

Looking back to your blog -> https://dynamicspedia.com/2022/09/how-to-correctly-setup-external-or-guest-users-in-dynamics-365-fo/ especially in this part ->

You can also invite external users without an Azure AD account and provide access to Dynamics 365 Finance and Operations. Johan Persson wrote a blog about this option before: Adding users WITHOUT an Azure AD Accounts to Dynamics 365 for Finance and Operations – JohanPersson.nu. Where Johan mentioned Microsoft accounts, I wanted to give it a try with a Gmail account. This is also a scenario that is working.

You have specifically mentioned about the needs of License, if my needs is only for UAT, does it still need to give license first ?

Because the different I think is I didn't give license because I thought this is only required when going Live (Production).

Thanks,

Was this reply helpful? Yes No
André Arnaud de Cal... 301,194 Super User 2025 Season 2 on at

Like (0)

Report

Hi Voltes,

Try to provide the license. If this is not working, then please share screenshots of the user in Azure AD and in F&O. Please mask the names then. I can then verify my settings with yours.

Was this reply helpful? Yes No