If you are a Microsoft Dynamics CRM Online system administrator, you probably know that initial CRM user setup is performed in the Office 365 portal and then configured within CRM. But you may not know that you can use the Security Groups feature in the Office 365 Portal to enable or disable CRM access to custom groups of users you can create.
This feature can be useful for different scenarios, including:
- Limiting access for development or testing in non-production CRM Online instances
- Restricting access to the CRM Online production environment to system administrators only when importing a new solution set or other system maintenance
- Creating special groups for sales, service, or other business groups for more organized users management
There is actually a default security group that is pre-configured for Office 365 called System Administrators. This group includes all Office 365 users with global administrator rights.
Here’s how it works. You must have global administrator rights in the Office 365 Portal. If you do, log in to the Office 365 Portal with your credentials to the home page. Once logged in, do the following:
- On the home page, select the Users and Groups link on the navigation menu on the left side of the page.
- This will take you to the Active Users list. In the upper near left of the page near the top center of the home page, you will see a link for Security Groups. Click on the link to take you to the security groups management pages.
- Left click on the + (plus) symbol to create a new group. This will open up a new page where you can enter your new security group name.
For this scenario, we will call our group Testing Users. This group will comprise of users that will have access to the CRM environment for testing new solutions. To create the group, do the following:
- On the entry page, enter the name of the group in the Display Name section.
- Next, left click on plus sign in the Members section to pop out the user selection tool to select the user(s) that will be part of this group.
- After entering the name, select Save in the bottom right corner to save your group.
Voilà! Your new security group is created. Now, let’s use it to limit access to Dynamics CRM Online to our Testing Users. Go to the Office 365 CRM Online Admin Center by first clicking on the Admin dropdown on the Office 365 navigation toolbar, then selecting CRM from the dropdown list. This will open the CRM configuration page.
Next, select the CRM Online instance (if you have more than one) you want to edit and select the Edit button.
In the edit screen in the security settings section, use the search tool to look up your new Testing Users security group and select it. Click Save to save your selection and return to the main page in the Admin Center.
Then, click Save on the Admin Center page to save your CRM Online instance security settings.
That’s it! As long as the users in your group are licensed for CRM Online, access to the CRM Online instance will be restricted to the users in the security group. Other licensed users inside of CRM Online that are not in the security group will be disabled. To restore access, simply go back to the CRM Online Admin Center for that instance and clear the group name from the security settings.