Export (0) Print
Expand All

Create users and assign Microsoft Dynamics CRM Online security roles

Applies To: CRM Online

In the Microsoft Online Services environment using the Office 365 admin portal, you create a user account for every user who needs access to CRM Online. The user account registers the user with Microsoft Online Services environment. In addition to registration with the online service, the user account must be licensed in order for the user to have access to the service. Assign a license to the user account to allow access to the online service. Notice that when you assign a user the global administrator or the service administrator role in the Microsoft Online Services environment, it automatically assigns the user the System Administrator security role in Microsoft Dynamics CRM. More information: Differences between the Microsoft online services environment administrative roles and CRM Online security roles

Create a user account

When you create a user account in the Office 365 admin portal, the system generates a user ID and temporary password for the user. You have the option to let the service send an email message to the user as clear text. Although the password is temporary, you may consider copying the information to send to the user through a more secure channel, such as from an email service that can digitally encrypt the contents. For step-by-step instructions for creating a Microsoft Online Services user account, see Create or edit users in Office 365.

noteNote
When you create a user in Office 365 and assign a license to the user by using the Office 365 admin center, the user is also created in Microsoft Dynamics CRM Online. The synchronization process between the Office 365 admin portal and Microsoft Dynamics CRM Online can take a few minutes to complete.

By entering a user ID and password, a user can access the Office 365 admin portal to view information about the service. However, the user will not have access to Microsoft Dynamics CRM Online until you assign at least one Microsoft Dynamics CRM Online security role to this user.

Add a license to a user account

In the Microsoft Online Services environment, you can license the user when you create the user account, or you can license the user later. You must assign a license to every user account that you want to access the online service.

For step-by-step instructions, see Assign, reassign, or remove licenses.

ImportantImportant
Licensed users must be assigned at least one Microsoft Dynamics CRM security role to access CRM Online.

About user licenses

  • Microsoft Dynamics CRM Online uses user licenses to provide access to your organization. You need one user license per person with an active user record who logs into your organization.

  • When you add a new person, the Add Users Wizard displays the number of user licenses available. If you reach your limit, the Next button is no longer available. You can add additional licenses with the Add User License Wizard.

  • An unaccepted invitation requires a user license until the invitation expires two weeks after it was issued.

  • If you have more user licenses than you are using, contact support to reduce the number of licenses. You cannot reduce the number of licenses to less than you are currently using or less than your offer allows. Any changes are reflected in your next billing cycle.

  • Each user license requires a unique Microsoft account, and every user who logs on to Microsoft Dynamics CRM needs a license. Most CRM subscriptions include a specific number of user licenses.

Assign a security role to a user

Security roles control a user’s access to data through a set of access levels and permissions. The combination of access levels and permissions that are included in a specific security role sets limits on the user’s view of data and on the user’s interactions with that data.

Microsoft Dynamics CRM Online provides a default set of security roles. If necessary for your organization, you can create new security roles by editing one of the default security roles and then saving it under a new name.

You can assign more than one security role to a user. The effect of multiple security roles is cumulative, which means that the user has the permissions associated with all security roles assigned to the user.

Security roles are associated with business units. If you have created business units, only those security roles associated with the business unit are available for the users in the business unit. You can use this feature to limit data access to only data owned by the business unit.

For more information about the difference between Microsoft Online Services administrator roles and Microsoft Dynamics CRM Online security roles, see Grant users access to Microsoft Dynamics CRM Online as a Microsoft Online service.

ImportantImportant
You must assign at least one security role to every CRM Online user. The service does not allow access to users who do not have at least one security role. Even if a user is a member of a team with its own security privileges, the user won’t be able to see some data and may experience other problems when trying to use the system.

In CRM Online:

  1. Make sure you have the System Administrator security role or equivalent permissions in Microsoft Dynamics CRM.

    • Follow the steps in View your user profile.

    • Don’t have the correct permissions? Contact your system administrator.

  2. On the nav bar, choose Microsoft Dynamics CRM > Settings.

    Settings appears on the nav bar.

  3. Choose Settings > Security > Users.

  4. In the list, select the user or users that you want to assign a security role to.

  5. Choose More Commands (More commands button) > Manage Roles.

    Only the security roles available for that user's business unit are displayed.

  6. In the Manage User Roles dialog box, select the security role or roles you want for the user or users, and then click OK.

(Optional) Assign an administrator role

You can share Microsoft Online Services environment administration tasks among several people by assigning Microsoft Online Services environment administrator roles to users you select to fill each role. You might decide to assign the global administrator role to a second person in your organization for times when you are not available.

There are five Microsoft Online Services environment administrator roles with varying levels of permissions. For example, the password reset administrator role can reset user passwords only; the user management administrator role can reset user passwords as well as add, edit, or delete user accounts; and the global administrator role can add online service subscriptions for the organization and can manage all aspects of subscriptions. For detailed information about Microsoft Online Services administrator roles, see Assigning Admin Roles.

noteNote
Microsoft Online Services environment administrator roles are valid only for managing aspects of the online service subscription. These roles don’t affect permissions within the CRM Online service.

Reset a user’s password

If a user loses a password, you can reset it. To reset a user’s password, you must be a Microsoft Online Services environment global administrator, user management administrator, or password administrator.

For step-by-step instructions, see Reset a User’s Password.

noteNote
The reset password is temporary. The user must change the temporary password at the next sign in. To help users meet the requirements for creating a new password in the Microsoft Online Services environment, see Set a user's password expiration policy.

Enable or disable users

To enable a user, assign a license to the user and add a user to the security group that is associated with an instance of CRM Online. If you enable a user that was disabled, you must send a new invitation for the user to access the system.

To disable a user, remove a license from the user or remove the user from the security group that is associated with an instance of CRM Online. Removing a user from the security group doesn’t remove the user’s license. If you want to make the license available to another user, you have to remove the license from the disabled user.

noteNote
Removing all security roles from the user prevents the user from signing into and accessing Microsoft Dynamics CRM Online. However, it doesn’t remove the license from the user and the user remains in the list of the enabled users in Microsoft Dynamics CRM Online. Removing security roles from a user isn’t a recommended method of removing access to CRM Online.

You must be a member of an appropriate administrator role to do these tasks. More information: Assigning Admin Roles

  1. In Office 365 admin portal, choose users and groups > active users and select the user.

  2. In Assign Licenses, check the Microsoft Dynamics CRM Online check box. Choose Save.

  3. In the Office 365 admin portal, choose users and groups > security groups.

  4. Choose the security group that is associated with your CRM Online organization.

  5. In Available members, choose the user and then select Add. Choose Save and Close.

  1. In the Office 365 admin portal, choose users and groups > active users and select a user.

  2. In Assign Licenses, clear the Microsoft Dynamics CRM Online check box. Choose Save.

  1. In the Office 365 admin portal, choose users and groups > security groups.

  2. Select the security group that is associated with your CRM Online organization.

  3. In Selected members, choose the user and then select Remove. Choose Save and Close.

noteNote
You can also delete users on the Office 365 admin portal. When you remove a user from your subscription, the license assigned to that user automatically becomes available to be assigned to a different user. If you want the user to still have access to other applications you manage through Office 365, for example Microsoft Exchange Online or Microsoft SharePoint, don't delete them as a user. Instead, simply remove the Microsoft Dynamics CRM license you've assigned to them.

noteNote
When you sign out of the Office 365 admin portal, you aren’t signing out of CRM. You have to do that separately.

TipTip
To force an immediate synchronization between the Office 365 admin portal and CRM Online, do the following:

  • Sign out of CRM Online and the Office 365 admin portal.

  • Close all open browsers used for CRM Online and the Office 365 admin portal.

  • Sign back in to CRM Online and the Office 365 admin portal.

Create a non-interactive user account

The non-interactive user is not a ‘user’ in the typical sense – it is not a person but an access mode that is created with a user account. It is used for programmatic access to and from CRM between applications. A non-interactive user account lets these applications or tools, such as a CRM to ERP connector, authenticate and access Microsoft Dynamics CRM Online, without requiring a Microsoft Dynamics CRM Online license. For each instance of Microsoft Dynamics CRM Online, you can create up to five non-interactive user accounts.

You need to have the System Administrator security role or equivalent permissions in Microsoft Dynamics CRM to create a non-interactive user. First, you’ll create a user account in Office 365 and then in Microsoft Dynamics CRM Online, select the non-interactive access mode for the account.

  1. Create a user account in the Office 365 portal.

    Be sure to assign a Microsoft Dynamics CRM Online license to the account.

  2. Go to Microsoft Dynamics CRM Online.

  3. On the nav bar, choose Microsoft Dynamics CRM > Settings.

  4. Choose Settings > Security > Users.

  5. In the Enabled Users list, select the non-interactive user account name.

  6. In the user form, select Administration > Access mode > Non-interactive.

    You then need to remove the Microsoft Dynamics CRM Online license from the account.

  7. In the Office 365 portal, go to the Office 365 admin center.

  8. Select Users > Active Users.

  9. Check the box for the name of the non-interactive user account and select Edit > Licenses.

  10. On the Assign licenses page, clear the box for the Microsoft Dynamics CRM Online license and select Save.

  11. Go back to Microsoft Dynamics CRM Online and confirm that the non-interactive user account Access Mode is still set for Non-interactive.

See Also

Send comments about this topic to Microsoft.
© 2014 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft