Adding, Changing or Deleting Users in your CRM environment

The process of adding, changing or deleting users typically involves steps taken outside of the CRM environment first and then ensuring the appropriate changes are available within your CRM environment as well.

 

Adding Users

Pre-Requisites:

1.  This procedure requires either a Tenant Global Admin (if you use Azure Active Directory) or an Active Directory Admin (On Prem & Azure AD) with a Dynamics 365 Admin
2. This article also assumes you do not use Azure AD Access Groups

 

Step 1 - Creation of the user in your Active Directory Environment

• For Azure AD Tenants, To create a user in your active directory environment, please follow the instructions provided by Microsoft which is available here: Add or Delete users in Azure Active Directory 
• For AD/ADFS Tenants. please consult with your IT Department on creation of a user and synchronization of that user to be available in the Azure AD tenant containing your CRM instance.

 

Step 2 - Assigning a user the appropriate Dynamics 365 licenses

Once the user has been created and visible within the active directory tenant, you will need to assign the appropriate licenses for that user. A step by step guide has been provided by Microsoft here: Assign of Remove Licenses in Azure Active Directory

• If you are on the legacy licensing SKU, you will see the option to assign a "Dynamics 365 Customer Engagement Plan"
• If you are on the revised licensing SKU, you will see the following licenses in your tenant
  • Dynamics 365 Customer Service Enterprise 
  • Dynamics 365 Sales Enterprise 
• For users of Opportunity Management and Marketing Automation (including ClickDimensions), you will need to assign the Sales Enterprise License
• For users of Case Management and Service or Resource Scheduling, you will need assign the Customer Service Enterprise License
• For users who require functionality in both areas, you will need to assign both the Customer Service Enterprise and the Sales Enterprise License

Step 3 - Assigning the user to an environment and ensuring that they have the right security permissions

Note - There is a delay between creation of a user in active directory and that user being visible in Dynamics 365. This may range from 1 hour to 6 hours at times.

• To add a user into a specific environment (Dev, test, Prod etc.), please follow the steps identified here: Add Users to an Environment. 
• Once the user has been added to the environment, it is important to ensure that the user has been granted the right security permissions. For a list of security permissions to add, consult the  power users in your organization or refer to any training documents where custom security roles may have been created. A detailed step by step guide to add permissions to a user within an environment have been identified here: Configure User Security

 

Deleting User Access to CRM

Note that the steps must be undertaken regardless of the sequence provided. The effect remains the same.

Step 1 - Block User from Sign-in on Azure Active Directory or in your M365 Admin Center

Detailed step by Step Instructions are available here: Block or Disable User Access

Step 2 - Removal of User's security Permissions 

Follow the steps provided in here: Configure User Security and ensure that the user has no active security permissions

Step 3 - Reassign Users Records to another users

It is important to ensure that prior to deleting the user entirely, that their records are reassigned to another user or service account. This includes CRM records, Workflows, Cloud Flows and Power BI reports. This ensures that any workflows that may have accidentally been created with the user as the owner continue to operate.

Step 4 - Removal of Licenses

Once all records have been reassigned to another service account or user, you may then proceed to remove the licenses of the user within Azure Active Directory. Please follow instructions provided here: Assign or Remove Licenses