Quantcast
Channel: Weaponized CRM
Viewing all articles
Browse latest Browse all 22

Managing Users in Multiple CRM Online Instances in Office 365

0
0

The great thing about Office 365 is the ability to conveniently manage your users and other services in a single place. This of course also includes your CRM Online instances. One behavior of the Office 365 is that when users are created by default they are added to every instance of CRM online. For small organizations that may be fine. Users won’t have a security role assigned so from a security perspective this shouldn’t have an impact. One challenge is all those users will be enabled and if you have any kind of logic to automatically grant roles then you may inadvertently grant access to the wrong users. In my case I’m dealing with 50,000 users so having all of them created in every CRM instance isn’t going to cut it. As it turns out there is a way to only have certain users added to specific CRM online instances by using Office 365 security groups.

In the CRM administration portal you can navigate the list of available CRM instances and edit the properties of each instance. In the security settings section you can specify a security group.

CRM Admin Center

Edit CRM InstanceIf you don’t specify a security group by default all users with a CRM license will be created in that instance. If you do specify a group then only users that are members of the group will be added to that instance. To conveniently control who has access to specific CRM instance you should effectively create a group per CRM instance. So if you have a CRM A and a CRM B, you would create an A security group and a B security group.

In musings of user automation I was discussing some ways of automating role user instance and security role assignment with network administrator on my current project. In our scenario the customer is synchronizing their on-premises active directory to Azure active directory which includes some custom attributes such as the type of user. We theorized using additional security groups along with PowerShell scripts to effectively create some intelligence around user management. By adding some logic between on-premises to the cloud we could effectively enable the security team to provision users in local AD groups without ever having to go to Office 365. Adding some web hooks to Azure AD and maybe a little Azure magic the setup can be tailored for each CRM instance allowing each instance to potentially fully automate user setup.

To find out more information on using Azure security groups for CRM online you can read the articles listed below:

Create, Edit, or Delete A Security Group
https://support.office.com/en-us/article/Create-edit-or-delete-a-security-group-55c96b32-e086-4c9e-948b-a018b44510cb?CorrelationId=1062f600-9e51-4b6b-ba0d-21a3fec2afb9&ui=en-US&rs=en-US&ad=US

Edit Properties of an Instance
https://technet.microsoft.com/library/dn467368.aspx



Viewing all articles
Browse latest Browse all 22

Latest Images

Trending Articles





Latest Images