web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Security role from Azu...
Customer experience | Sales, Customer Insights,...
Answered

Security role from Azure AD

(0) ShareShare
ReportReport
Posted on by Mohan Prasad MAni 235
Hi Team,
Is it possible to add security roles to a user automatically by adding the user in a specific Azure AD group... ? Use Case - Add a user to Admin AD Group which provides him system admin role in CE too
Thanks
Mohan
I have the same question (0)
  • Suggested answer
    Adrian Begovich Profile Picture
    Adrian Begovich 1,027 Moderator on at

    Hi Mohan,

    Is it not currently possible to add security roles to a user automatically by adding the user in a specific Azure AD group. However, you can assign a security role to a user programmatically.

  • Verified answer
    Fubar Profile Picture
    Fubar 2,761 on at

    It is possible.

    Create your Azure AD Security group (or Office Group), get the Azure AD Object Id for it.

    In CRM Create a Team,

    • Set  the Team Type to the type of Azure group.
    • Set the object Id to the Azure AD Object Id for the group you created in Azure AD
    • Assign Security Role(s) to the Team

    The add and remove members is then done by assigning the group in Azure/Office 365 not CRM (there can be an extra delay when adding and removing).

    (as the Security Roles are at Team level, you may want to look at using that Member's privilege inheritance dropdown on the Security Roles you are going to assign)

  • Suggested answer
    Shaina Profile Picture
    Shaina on at

    Hi Mohan, 

    This is something that you could refer https://docs.microsoft.com/en-us/power-platform/admin/manage-group-teams

    Regards,

    Shaina

  • Mohan Prasad MAni Profile Picture
    Mohan Prasad MAni 235 on at

    Thanks LA,

    I did the steps and the users are not sycning to team members from AD. The AD group has three members when i associated the team the group and waited almost 4 hours, but the users are not syncing... Did i miss anything?

  • Suggested answer
    Fubar Profile Picture
    Fubar 2,761 on at

    Its been a long time since I have actually set one up:

    a) can the user sign in (believe the AD Team in CRM may not list all the users assigned to it in AD just those that have logged in)

    b) user will still need a CRM licence assigned to them

    c) depending on your setup if you also have also setup a Security team added to the Instance you may still need to add the user in to that team also

    d) if the user does not see any error when logging in but a blank screen with a spinner, make sure the AAD Team in CRM has a Security Role with access to at least 1 app.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 70 Super User 2025 Season 2

#2
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 43 Most Valuable Professional

#3
Daniyal Khaleel Profile Picture

Daniyal Khaleel 32 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans