web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Dyn365FO Azure AD Grou...
Microsoft Dynamics AX (Archived)

Dyn365FO Azure AD Group Login

(0) ShareShare
ReportReport
Posted on by Community Member

In Dynamics AX 2012 a Windows Active Directory (AD) group could be established as a login with a set of security roles; subsequently any member of the Windows AD group could login to DynAX2012, have a user record established, and receive the group's security roles.  Individual users did not need to be added in DynAX2012.

I am trying the same thing with Dynamics 365 for Finance & Operations (Dyn365FO) and Azure AD but can't seem to complete the loop.  I have been able to establish an Azure AD group and assign Azure AD members to the group, and then import the group into Dyn365FO and assign security roles.  But trying to login with a group member's credential (who has not been specifically added as a user in Dyn365FO but can login to the Azure AD where the group exists via portal.azure.com) I get "You are not authorized to login with your current credentials. You will be redirected to the login page in a few seconds."

Is there another step required to allow login to Dyn365FO via an Azure AD group?  Maybe registering Dyn365FO as an app in the Azure AD but importing individual logins from the Azure AD into Dyn365FO works fine without adjustment.  I would like to avoid setting roles for what will be 100+ logins changing several times a year (I am a university professor using Dynamics in courses).  Any guidance appreciated.

*This post is locked for comments

I have the same question (0)
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,020 Super User 2025 Season 2 on at

    Hi Todd,

    Did you enable the configuration key named 'Active Directory Security Groups'?

  • Community Member Profile Picture
    Community Member on at

    Thanks for responding. I did enable this unless something more than getting into maintenance mode, click the box (1st screen cap below), saving (I even restarted the instance) is required.  I did exit maintenance mode after the change but that shouldn't matter.  Before allowing Active Directory security group I couldn't even import an Azure AD group into Dyn365FO so I thought I was on the right path when I could import the group and assign roles.  But I still have the member (I have added just one member to the group at this point) of the Azure AD group not being accepted as a Dyn365Ops login, so still scratching my head.  

    ScrnCapScrnCapScrnCap

  • Verified answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,020 Super User 2025 Season 2 on at

    Hi Todd,

    What is the exact version of the platform and application you are running on?

    Can you also try to create a group using the Office 365 admin portal? I thought I had done this myself, when I did test this feature. It was working for me.

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Son of a gun but using Office 365 admin helped.  Creating / deleting users & groups in Azure AD showed up in Office 365 admin (& vice versa) so I assumed both avenues worked the same.  But creating a new user in Office 365 admin and adding it to the existing group allowed that user and all other non-guest users in the AD group to log into Dyn365FO and assume the group's security roles and default company. Cha-ching! So managing with Office 365 Admin rather than Azure AD matters somehow and I can live with that.

    I may diddle around to find a repeatable sequence of actions that works for sure but I have one more hurdle if you have any ideas:  users in the group with guest accounts in Azure AD and Office 365 are still denied login.  Below is what the user in question sees logging into account.activedirectory.windowsazure.com and Office 365 Admin and Azure AD echo this (i.e., the Empress login is acknowledged as in the group). Since Demo User and New User can login to Dyn365FO It probably has to do with their logins being in techcats.onmicrosoft.com (Azure / Office 365 AD domain) whereas guest users will have various domains based on Microsoft account email (e.g., eou@techcats.solutions is a valid email and Microsoft account).  Anyway, I have to rest my brain a bit on this but my goal was to invite guests to Azure AD, put them in the right group, and ta-da they could login to Dyn365FO using their know credentials. Getting closer thanks to your help!

    Dyn365Group.JPG

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Priya_K Profile Picture

Priya_K 4

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#3
Ali Zaidi Profile Picture

Ali Zaidi 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans