When you deploy a machine with the new Microsoft Dynamics AX on Azure or download a virtual machine, the environment contains users with restricted rights. In previous versions of Dynamics AX you could directly use the Contoso users for your demonstrations to show what it looks like when a user has only certain roles assigned. In Microsoft Dynamics AX you will receive an error when the user is not recognized in your own tenant. This post will tell you how you can use the Contoso personas within your own environment without creating new demonstration users in your own Azure Active Directory.
Contoso personas
When Microsoft created the Contoso demonstration company, they also investigated which personas would work in the fictional company. Users and example roles are provided as the outcome. The current demonstration database contains users such as:
- Charlie Carson: Chief executive officer
- Susan Burk: Sales clerk
- Tim Litton: Information technology manager
When you log in as one of the Contoso employees, the available functionality is limited to the permissions of that user, and the demonstration runs more smoothly. The audience will not be overwhelmed by all possible functionality, but can focus on the process being demonstrated.
However, when you run Microsoft Dynamics AX on your own tenant, logging in with a Contoso user does not work, even when the user is enabled. You have to change settings on the users to activate them in your environment.
Activate Contoso users
Microsoft Dynamics AX uses Azure Active Directory for user authentication. Where you could set up a federation and have claims-based users in Microsoft Dynamics AX 2012, you can now set up any user in your Microsoft Dynamics AX environment. There is only one rule: if the user does not belong to your Azure tenant, you have to specify the third party's domain in the Domain field of the AX user.
By default the value in this field is https://sts.windows.net/. To activate a third-party user you need to append the domain to this value. In this example the domain is contosoax7.onmicrosoft.com, so the full value of the Domain field should be https://sts.windows.net/contosoax7.onmicrosoft.com. When you save the user record, AX will also retrieve the Identity provider and a correct SID value. This also works with any other third-party domain when the users are set up as users in an Azure Active Directory.
Now you are able to start Microsoft Dynamics AX using the credentials of, for example, Susan. Open a browser and use the following credentials:
Username: susan@contosoax7.onmicrosoft.com
Password: Pass1Word
Note that some Contoso users might have other passwords. Most are set up with the password mentioned above. The workspace and available menus will now look like the screenshot below for the sales clerk. Notice that the default dashboard already contains fewer options. The same is true of the main menu compared with system administrator rights.
There is more…
Changing the Domain field for about 80 Contoso users is a bit of a boring job. It can take some time to complete this task. To help myself I created a runnable class which updates the Contoso users so that the correct network domain is filled in, as well as 2 related security fields. With the help of Visual Studio you can also implement this code to update the values for the users in the current partition. Below I will share these details with you. Note that using this code is at your own responsibility. Avoid changing users from your own domain. Wrong information in the user table might lock out those users.
In the next example I’m assuming you have an extension model created. References to the Application Platform and Application Foundation models are required. You have to create a new project and add a new item based on a Runnable Class. A runnable class is the replacement for the Jobs which were implemented as scripting tools in the previous versions of AX.
I named it ActivateContosoPersonas. In the code editor, type the following code:
    class ActivateContosoPersonas
    {
        /// <summary>
        /// Runs the class with the specified arguments.
        /// </summary>
        /// <param name = "_args">The specified arguments.</param>
        public static void main(Args _args)
        {
            AxaptaUserManager manager = new AxaptaUserManager();
            UserInfo userInfo;
            xAxaptaUserDetails userDetails;
            var contosoTenant = "contosoax7.onmicrosoft.com";

            ttsbegin;
            userInfo.skipAosValidation(true);

            while select forupdate userInfo
            {
                // Only users whose alias is in the Contoso tenant and whose
                // Domain field does not yet contain that tenant.
                if (strContains(userInfo.networkAlias, contosoTenant)
                    && !strContains(userInfo.networkDomain, contosoTenant))
                {
                    // Appends to the existing value, so this assumes the Domain
                    // field still holds the default https://sts.windows.net/
                    userInfo.networkDomain += contosoTenant;
                    // Derive the identity provider from the new domain.
                    userInfo.IdentityProvider = Microsoft.Dynamics.AX.Security.AuthenticationCommon.AadHelper::GetCanonicalIdentityProvider(userInfo.networkDomain);
                    // Look up the SID that belongs to this alias and provider.
                    userDetails = manager.getSIDFromName(userInfo.networkAlias, userInfo.IdentityProvider, userInfo.accountType);
                    userInfo.sid = userDetails.getUserSid(0);
                    userInfo.update();
                }
            }

            ttscommit;
        }
    }
Then save the changes. You have to set the new runnable class as the Startup Object. Then you can build and run the solution. When everything has compiled correctly, this runnable class will open an Internet browser and show you when the code is complete.
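A read-only check to run before the update, added here as an example and not part of the original post's code: it reports which users the class above would change and which Contoso personas can already log on, and it flags personas whose Domain field is not the default value, because appending the tenant to anything else would store a wrong domain. The class name AuditContosoPersonas and the message texts are assumptions.

```xpp
class AuditContosoPersonas
{
    /// <summary>
    /// Read-only report: which users would ActivateContosoPersonas change?
    /// Nothing is written to the UserInfo table.
    /// </summary>
    public static void main(Args _args)
    {
        UserInfo userInfo;
        str contosoTenant = "contosoax7.onmicrosoft.com"; // tenant used in this post
        str defaultDomain = "https://sts.windows.net/";   // default Domain value
        int pending;
        int alreadySet;
        int unexpected;

        while select userInfo
        {
            if (!strContains(userInfo.networkAlias, contosoTenant))
            {
                continue; // not a Contoso persona; the update class skips it too
            }

            if (strContains(userInfo.networkDomain, contosoTenant))
            {
                // Persona is already bound to the external tenant.
                alreadySet++;
                info(strFmt("Already activated: %1 (%2), enabled: %3",
                    userInfo.id, userInfo.networkAlias, userInfo.enable));
            }
            else if (userInfo.networkDomain == defaultDomain)
            {
                // Safe case for the "+=" in the update class.
                pending++;
                info(strFmt("Would update: %1 (%2), enabled: %3",
                    userInfo.id, userInfo.networkAlias, userInfo.enable));
            }
            else
            {
                // Appending the tenant here would produce an invalid domain.
                unexpected++;
                warning(strFmt("Unexpected Domain '%1' for %2 (%3): review by hand",
                    userInfo.networkDomain, userInfo.id, userInfo.networkAlias));
            }
        }

        info(strFmt("Pending: %1, already set: %2, unexpected Domain: %3",
            pending, alreadySet, unexpected));
    }
}
```

Running it again after the update shows every persona that now accepts a logon from the external tenant, which is the list to disable again once the demonstration is over.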
Now all users are migrated and able to log on to Microsoft Dynamics AX. Note that some users might have other passwords set up. Also, I don’t have information on if and when the users will be retired from Azure Active Directory by Microsoft. But in the meantime (hopefully it will last forever)… Enjoy!
Please share your thoughts and experiences in the comments below.
That’s all for now. Till next time!