- Do users from other organizations need access to your Dynamics 365 environment?
- Are you looking at knowhow to give Dynamics 365 license to external users?
- Are you trying to set-up Azure AD Guest users as users in Dynamics 365 environment?
These are the questions I come across so often and if you are looking for answers to these, you are on the right page as in this blog I am going to explore all these topics. This blog basically will walkthrough the whole example with Dynamics 365 CE product but the steps followed here can basically be extended to all Microsoft products provided the product support users outside the tenant domain.
Before we go ahead and accomplish this, let’s understand why users outside your organization may need access to Dynamics 365 environment? I can basically think of quite a few scenarios but the most common scenario may be where you are working with resellers and distributors and you need to provide them CRM access. Also users outside your tenant may need to participate in the approval process. You may argue that all this can be achieved through portals as well but there may be scenarios where a regional sales manager may work in collaboration with a distributor or agent to crack a customer deal.
Having understood why this kind of set-up is required, let’s explore the steps to accomplish this.
1 – Set up the user as Guest user in Azure Active directory
This is the first step and quite obvious it is. After all to be a user in any Microsoft cloud product, you should be set-up as a user in Azure Active Directory. So let’s see how we can do this. For this demo I have used used two different trial tenants.
- contosodeb.onmicrosoft.com
- xrm202016.onmicrosoft.com
I going to set up a user in xrm202016.onmicrosoft.com tenant in contosodeb.onmicrosoft.com Dynamics 365 instance. In contosodeb.onmicrosoft.com, I login to the azure portal – https://portal.azure.com
Navigate to Azure Active Directory -> Users -> New Guest user.
Use the option – “Invite User” and enter details for the guest user.
Click on Invite. The user shall receive an invitation email in his mailbox like the one shown below.
As a final step, the recipient need to Accept Invitation to complete the user registration process.
2 – Assign Dynamics 365 license to the Guest user.
We have the guest user now in Azure AD. But how to assign license to the Guest user. If you are thinking of assigning license to the external user using Microsoft 365 admin center, you will be disasspointed. Unlike regular users. you won’t be able to assign license there. But don’t be disappointed. We will accomplish the same using the following steps below.
Navigate to Azure Portal -> Azure Active Directory -> Groups -> New Group
Create a new security group. In the Members, add the Guest user we just added to Azure active directory in the earlier step.
Once the group is created successfully, we will assign license to the group. Open the newly created group and click on Licenses.
Select the desired license and click on save.
Now that’s the trick here. While you can’t add assign license to external user, you can create a group, add user to the group and assign license to the group. The user shall inherit the license from the group.
3 – Add user to the Dynamics 365 instance and assign security role.
We have set-up the Guest user and assigned Dynamics 365 license as well. Ideally the user should be synced to the Dynamics 365 tenant in sometime. If not navigate to Power platform admin center and click on your environment.
Click on Users highlighted above. Click on Add user and add the Guest user.
The user shall be synced to the environment. Go to Settings -> Security -> Users in your Dynamics 365 and assign the desired security role.
And now you shall see the Guest user is able to access the CRM environment in a different tenant.
Hope this helps!
You may also like the below posts
Debajit Dutta
(Business Solutions MVP)