AX: How to enable the Contoso personas

When you deploy a machine with the new Microsoft Dynamics AX on Azure or download a virtual machine, the environment contains users with restricted rights. In previous versions of Dynamics AX you could directly use the Contoso users for your demonstrations to show what it looks like when a user has only certain roles assigned. In Microsoft Dynamics AX you will receive an error when the user is not recognized in your own tenant. This post will tell you how you can use the Contoso personas within your own environment without creating new demonstration users in your own Azure Active Directory.

Contoso personas

When Microsoft created the Contoso demonstration company, they also did investigation which personas would be working in the fictional company. So users and example roles are provided as outcome. When you look at the current demonstration database there are some users like:

  • Charlie Carson : Chief executive officer
  • Susan Burk: Sales clerk
  • Tim Litton: Information technology manager

ContosoPersonas

When you login as one of the Contoso employees the number of functionality is limited, meeting the permissions of this user and demonstration is more smoothly. The audience will not be overwhelmed by all possible functionality, but can focus on the process being demonstrated.

However when you run Microsoft Dynamics AX on your own tenant, login with a Contoso user is not working. Even when the user is enabled. You have to change settings on the users to be able to activate them running in your environment.

Activate Contoso users

Microsoft Dynamics AX is using Azure Active Directory for user authentication. Where you could setup a federation and have claims based users in Microsoft Dynamics AX 2012, you can now setup any user in your Microsoft Dynamics AX environment. There is only one rule. If the users does not belong to your Azure tenant, you have to specify the domain from the third party within the Domain field of the AX user.

Contoso personasBy default the value in this field is https://sts.windows.net/. To have a third party user activated you need to add the domain behind this value. In this example this is contosoax7.onmicrosoft.com. So the full domain should be filled with the next value: https://sts.windows.net/contosoax7.onmicrosoft.com. When you save the user record, AX will also retrieve the Identity provider and a correct SID value. This will also work with any other third party domain when the users are setup as user in an Azure Active Directory.

Now you are able to start Microsoft Dynamics AX using the credentials from e.g. Susan. Open a browser and use the next credentials:

Username: susan@contosoax7.onmicrosoft.com
Password: Pass1Word

Note that some Contoso users might have other passwords. The most are setup using the password as mentioned above. The workspace and available menus will now look like the screenshot below for the sales clerk. You can notice that the default dashboard already contains less options. The same is valid for the main menu compared with system administrator rights.

Contoso personas

There is more…

Changing about 80 Contoso users for the Domain field is a bit of a boring job. It can take some time to complete this task. To help myself I created a runnable class which will update the Contoso users to have the correct network domain filled as well as 2 related security fields. With the help of Visual Studio you can also implement this coding to update the values for the users in the current partition. Below I will share you these details. Note that using this code is at your own responsibility. Prevent changing users from your own domain. Wrong information in the user table might lock out those users.

In the next example I’m assuming you have an extension model created. A reference to the Application Platform and Application Foundation model are required. You have to create a new project and add a new item based on a Runnable Class. A runnable class is the replacement for the Jobs which were implemented as scripting tools in the previous versions of AX.

Contoso personas

I named it ActivateContosoPersonas. In the code editor, type the next coding:

class ActivateContosoPersonas
{        
    /// <summary>
    /// Runs the class with the specified arguments.
    /// </summary>
    /// <param name = "_args">The specified arguments.</param>
    public static void main(Args _args)
    {        
        AxaptaUserManager   manager = new AxaptaUserManager();
        UserInfo            userInfo;
        xAxaptaUserDetails  userDetails;
        var                 contosoTenant = "contosoax7.onmicrosoft.com";
        ttsbegin;
        
        userInfo.skipAosValidation(true);
        while select forupdate userInfo
        {
            if (strContains(userInfo.NetworkAlias, contosoTenant) && !strContains(userInfo.networkDomain, contosoTenant))
            {
                userInfo.networkDomain += contosoTenant;
                UserInfo.IdentityProvider = Microsoft.Dynamics.AX.Security.AuthenticationCommon.AadHelper::GetCanonicalIdentityProvider(UserInfo.networkDomain);
                userDetails = manager.getSIDFromName(UserInfo.networkAlias, UserInfo.IdentityProvider, UserInfo.accountType);
                userInfo.sid = userDetails.getUserSid(0);
                userInfo.update();
            }
        }
        ttscommit;
    }
}

Then save the changes. You have to set the new runnable class as Startup Object. Then you can build and run the solution. When everything is compiled correctly, this runnable class will open an Internet browser and show you when the code is complete.

Contoso personas

 

Now all users are migrated to be able to log on to Microsoft Dynamics AX. Note that some users might have other passwords setup. Also I don’t have information if and when the users will be retired from Azure Active Directory by Microsoft. But in the meantime (hopefully will last forever)… Enjoy!

Please share your thoughts and experiences in the comments below.

 

That’s all for now. Till next time!

[contact-form-7 404 "Not Found"]

Microsoft Dynamics AX CommunitySubscribe to this blogger RSS FeedMy book on Merging global address book records in AX 2012

Comments17
  1. SohaibMarch 08, 2016   

    Hi André ,
    Is RTW version allowing to login with Domain contosoax7.onmicrosoft.com .?
    I have downloaded RTW Version but haven’t installed yet. I think previous version like CTP8 is not allowing to use domain contosoax7.onmicrosoft.com, we are using our own 365 subscription.

    • PaulMarch 09, 2016   

      Thanks André for sharing! And to answer Sohaibs question: Yes the code and the contoso personas also works in RTW.

      • André Arnaud de CalavonMarch 09, 2016   

        Hi Paul,
        Thanks for reading the blog and verifying the code. I’m glad it also works for you.

    • André Arnaud de CalavonMarch 09, 2016   

      Hi Sohaib,
      Just because you have to use your own tenant (365 subscription), initially the Contoso users cannot be used as they are not part of your own tenant. So this is the way to “activate” them. In fact for all CTP versions and RTW you have to use your own tenant. The code is written based on the RTW version. I have not tested it on previous CTP builds.

  2. MichelleMarch 09, 2016   

    Thank you so much. I have been searching for this!

  3. James TerringtonOctober 31, 2016   

    Hi Andre

    Just trying to access with multiple users in an AX7 Virtual Machine on my pc.

    I have used the Admin Prov. Tool to get my account to access and it works – great.

    But have not been able to able to setup standard Contoso users like CHARLIE to work in the VM (in combination with my user).

    Do you have any suggestions?

    • André Arnaud de CalavonNovember 03, 2016   

      Hi James,

      Thanks for reading the blog. To be honest I don’t understand exactly what you are trying to achieve. Do you want to link the worker CHARLIE to your Admin user account?

  4. RamanJanuary 12, 2017   

    Hi Andre,

    We are on a AX 2009 on-premise environment. Today, we have users from just one network domain. We have multiple network domains in the company. What is involved in adding users from other network domains.

    Thanks.

  5. Anna SvantessonMarch 03, 2017   

    Hi André,

    In update 4 the default domain has changed to https://sts.windows-ppe.net/ and all users have email addresses on taeofficial.ccsctp.net (like CLAIRE@taeofficial.ccsctp.net) instead of contosoax7.onmicrosoft.com. I have tried setting up different values for users and logging in, but with no success. I get the error message at login that this user does not exist. Any ideas on how to log in with different users in update 4?

    Thanks,,
    Anna

  6. Anna SvantessonMarch 04, 2017   

    Hi André

    In update 4, the domain has changed to https://sts.windows-ppe.net and the users have usernames on taeofficial.ccsctp.net (like CHARLIE@taeofficial.ccsctp.net). I have tried different ways to log in with different users, but without success. Have you got any idea on how to log in as another user in update 4?

    Thanks,
    Anna

    • André Arnaud de CalavonMarch 06, 2017   

      Hi Anna,

      Thanks for reading the blog. Update 4 is a platform update. Did you deploy a new machine on Azure? I haven’t done this yet, so I don’t know with what domain users are setup.
      You can try the pattern provided in my blog. That means try: https://sts.windows-ppe.net/taeofficial.ccsctp.net as domain for the demo users.

      • BaberMarch 08, 2017   

        Hi Andre,

        I downloaded D365 operations version 1611 platform update 3, and can see the network domain as https://sts.windows-ppe.net and network alias is taeofficial.ccsctp.net. I manually updated the values in SQL management studio as per your job for Admin user, but I can’t access AX workspace with the following credentials:

        Username : administrator@taeofficial.ccsctp.net
        Password: pass@word1

        This issue is driving me nuts. I want to access AX workspace in order to do some urgent estimation for development tasks, but stuck in this issue. Can you please help ?

        • André Arnaud de CalavonMarch 10, 2017   

          Hi Syed,

          Did you download the VM which can be run locally on Hyper-V? If so, you have to use the Admin provisioning tool to initialize your own Azure AD/O365 account. See also: https://ax.help.dynamics.com/en/wiki/access-microsoft-dynamics-ax-7-instances-2/.
          My blog was subject to activate the other (common) users with standard Demo credentials.

          kind regards,

          André

    • David SimonApril 24, 2017   

      Hi Anna!

      The updated domains and email addresses didn’t work for me either.

      I had to specify https://sts.windows.net/contosoax7.onmicrosoft.com as the domain and change the email addresses to NAME@contosoax7.onmicrosoft.com to be able to log in with the contoso accounts. So the setup needs to be reverted to the values described in the original blog post.

      Regards,
      David

    • Jefry ThenApril 25, 2017   

      I use Susan and it works. I change provider to :
      https://sts.windows.net/contosoax7.onmicrosoft.com
      and change email to :
      SUSAN@contosoax7.onmicrosoft.com

Leave a Comment!

Your email address will not be published. Required fields are marked *