When you deploy a machine with the new Microsoft Dynamics AX on Azure or download a virtual machine, the environment contains users with restricted rights. In previous versions of Dynamics AX you could directly use the Contoso users for your demonstrations to show what it looks like when a user has only certain roles assigned. In Microsoft Dynamics AX you will receive an error when the user is not recognized in your own tenant. This post will tell you how you can use the Contoso personas within your own environment without creating new demonstration users in your own Azure Active Directory.

Contoso personas

When Microsoft created the Contoso demonstration company, they also did investigation which personas would be working in the fictional company. So users and example roles are provided as outcome. When you look at the current demonstration database there are some users like:

  • Charlie Carson : Chief executive officer
  • Susan Burk: Sales clerk
  • Tim Litton: Information technology manager

ContosoPersonas

When you login as one of the Contoso employees the number of functionality is limited, meeting the permissions of this user and demonstration is more smoothly. The audience will not be overwhelmed by all possible functionality, but can focus on the process being demonstrated.

However when you run Microsoft Dynamics AX on your own tenant, login with a Contoso user is not working. Even when the user is enabled. You have to change settings on the users to be able to activate them running in your environment.

Activate Contoso users

Microsoft Dynamics AX is using Azure Active Directory for user authentication. Where you could setup a federation and have claims based users in Microsoft Dynamics AX 2012, you can now setup any user in your Microsoft Dynamics AX environment. There is only one rule. If the users does not belong to your Azure tenant, you have to specify the domain from the third party within the Domain field of the AX user.

Contoso personasBy default the value in this field is https://sts.windows.net/. To have a third party user activated you need to add the domain behind this value. In this example this is contosoax7.onmicrosoft.com. So the full domain should be filled with the next value: https://sts.windows.net/contosoax7.onmicrosoft.com. When you save the user record, AX will also retrieve the Identity provider and a correct SID value. This will also work with any other third party domain when the users are setup as user in an Azure Active Directory.

Now you are able to start Microsoft Dynamics AX using the credentials from e.g. Susan. Open a browser and use the next credentials:

Username: susan@contosoax7.onmicrosoft.com
Password: Pass1Word

Note that some Contoso users might have other passwords. The most are setup using the password as mentioned above. The workspace and available menus will now look like the screenshot below for the sales clerk. You can notice that the default dashboard already contains less options. The same is valid for the main menu compared with system administrator rights.

Contoso personas

There is more…

Changing about 80 Contoso users for the Domain field is a bit of a boring job. It can take some time to complete this task. To help myself I created a runnable class which will update the Contoso users to have the correct network domain filled as well as 2 related security fields. With the help of Visual Studio you can also implement this coding to update the values for the users in the current partition. Below I will share you these details. Note that using this code is at your own responsibility. Prevent changing users from your own domain. Wrong information in the user table might lock out those users.

In the next example I’m assuming you have an extension model created. A reference to the Application Platform and Application Foundation model are required. You have to create a new project and add a new item based on a Runnable Class. A runnable class is the replacement for the Jobs which were implemented as scripting tools in the previous versions of AX.

Contoso personas

I named it ActivateContosoPersonas. In the code editor, type the next coding:

class ActivateContosoPersonas
{        
    /// <summary>
    /// Runs the class with the specified arguments.
    /// </summary>
    /// <param name = "_args">The specified arguments.</param>
    public static void main(Args _args)
    {        
        AxaptaUserManager   manager = new AxaptaUserManager();
        UserInfo            userInfo;
        xAxaptaUserDetails  userDetails;
        var                 contosoTenant = "contosoax7.onmicrosoft.com";
        ttsbegin;
        
        userInfo.skipAosValidation(true);
        while select forupdate userInfo
        {
            if (strContains(userInfo.NetworkAlias, contosoTenant) && !strContains(userInfo.networkDomain, contosoTenant))
            {
                userInfo.networkDomain += contosoTenant;
                UserInfo.IdentityProvider = Microsoft.Dynamics.AX.Security.AuthenticationCommon.AadHelper::GetCanonicalIdentityProvider(UserInfo.networkDomain);
                userDetails = manager.getSIDFromName(UserInfo.networkAlias, UserInfo.IdentityProvider, UserInfo.accountType);
                userInfo.sid = userDetails.getUserSid(0);
                userInfo.update();
            }
        }
        ttscommit;
    }
}

Then save the changes. You have to set the new runnable class as Startup Object. Then you can build and run the solution. When everything is compiled correctly, this runnable class will open an Internet browser and show you when the code is complete.

Contoso personas

 

Now all users are migrated to be able to log on to Microsoft Dynamics AX. Note that some users might have other passwords setup. Also I don’t have information if and when the users will be retired from Azure Active Directory by Microsoft. But in the meantime (hopefully will last forever)… Enjoy!

Please share your thoughts and experiences in the comments below.

 

That’s all for now. Till next time!

Subscribe to our newsletter

Microsoft Dynamics AX CommunitySubscribe to this blogger RSS FeedMy book on Merging global address book records in AX 2012

Comments9
  1. SohaibMarch 08, 2016   

    Hi André ,
    Is RTW version allowing to login with Domain contosoax7.onmicrosoft.com .?
    I have downloaded RTW Version but haven’t installed yet. I think previous version like CTP8 is not allowing to use domain contosoax7.onmicrosoft.com, we are using our own 365 subscription.

    • PaulMarch 09, 2016   

      Thanks André for sharing! And to answer Sohaibs question: Yes the code and the contoso personas also works in RTW.

      • André Arnaud de CalavonMarch 09, 2016   

        Hi Paul,
        Thanks for reading the blog and verifying the code. I’m glad it also works for you.

    • André Arnaud de CalavonMarch 09, 2016   

      Hi Sohaib,
      Just because you have to use your own tenant (365 subscription), initially the Contoso users cannot be used as they are not part of your own tenant. So this is the way to “activate” them. In fact for all CTP versions and RTW you have to use your own tenant. The code is written based on the RTW version. I have not tested it on previous CTP builds.

  2. MichelleMarch 09, 2016   

    Thank you so much. I have been searching for this!

  3. James TerringtonOctober 31, 2016   

    Hi Andre

    Just trying to access with multiple users in an AX7 Virtual Machine on my pc.

    I have used the Admin Prov. Tool to get my account to access and it works – great.

    But have not been able to able to setup standard Contoso users like CHARLIE to work in the VM (in combination with my user).

    Do you have any suggestions?

    • André Arnaud de CalavonNovember 03, 2016   

      Hi James,

      Thanks for reading the blog. To be honest I don’t understand exactly what you are trying to achieve. Do you want to link the worker CHARLIE to your Admin user account?

Leave a Comment!

Your email address will not be published. Required fields are marked *