In Dynamics AX 2012 a Windows Active Directory (AD) group could be established as a login with a set of security roles; subsequently any member of the Windows AD group could login to DynAX2012, have a user record established, and receive the group's security roles. Individual users did not need to be added in DynAX2012.
I am trying the same thing with Dynamics 365 for Finance & Operations (Dyn365FO) and Azure AD but can't seem to complete the loop. I have been able to establish an Azure AD group and assign Azure AD members to the group, and then import the group into Dyn365FO and assign security roles. But trying to login with a group member's credential (who has not been specifically added as a user in Dyn365FO but can login to the Azure AD where the group exists via portal.azure.com) I get "You are not authorized to login with your current credentials. You will be redirected to the login page in a few seconds."
Is there another step required to allow login to Dyn365FO via an Azure AD group? Maybe registering Dyn365FO as an app in the Azure AD, but importing individual logins from the Azure AD into Dyn365FO works fine without adjustment. I would like to avoid setting roles for what will be 100+ logins changing several times a year (I am a university professor using Dynamics in courses). Any guidance appreciated.
Son of a gun but using Office 365 admin helped. Creating / deleting users & groups in Azure AD showed up in Office 365 admin (& vice versa) so I assumed both avenues worked the same. But creating a new user in Office 365 admin and adding it to the existing group allowed that user and all other non-guest users in the AD group to log into Dyn365FO and assume the group's security roles and default company. Cha-ching! So managing with Office 365 Admin rather than Azure AD matters somehow and I can live with that.
I may diddle around to find a repeatable sequence of actions that works for sure but I have one more hurdle if you have any ideas: users in the group with guest accounts in Azure AD and Office 365 are still denied login. Below is what the user in question sees logging into account.activedirectory.windowsazure.com, and Office 365 Admin and Azure AD echo this (i.e., the Empress login is acknowledged as in the group). Since Demo User and New User can login to Dyn365FO, it probably has to do with their logins being in techcats.onmicrosoft.com (Azure / Office 365 AD domain) whereas guest users will have various domains based on Microsoft account email (e.g., eou@techcats.solutions is a valid email and Microsoft account). Anyway, I have to rest my brain a bit on this but my goal was to invite guests to Azure AD, put them in the right group, and ta-da they could login to Dyn365FO using their known credentials. Getting closer thanks to your help!
Hi Todd,
What is the exact version of the platform and application you are running on?
Can you also try to create a group using the Office 365 admin portal? I thought I had done this myself, when I did test this feature. It was working for me.
Thanks for responding. I did enable this unless something more than getting into maintenance mode, clicking the box (1st screen cap below), saving (I even restarted the instance) is required. I did exit maintenance mode after the change but that shouldn't matter. Before allowing Active Directory security group I couldn't even import an Azure AD group into Dyn365FO so I thought I was on the right path when I could import the group and assign roles. But I still have the member (I have added just one member to the group at this point) of the Azure AD group not being accepted as a Dyn365Ops login, so still scratching my head.
Hi Todd,
Did you enable the configuration key named 'Active Directory Security Groups'?