In this guide, we will walk you through the step-by-step process of linking a Security Group in Business Central (BC) to an Azure Active Directory (AAD) security group.
This integration allows you to leverage the benefits of security groups in managing permissions effectively. By following these instructions, you can seamlessly establish the connection between BC and AAD, ensuring a smooth transition and enhanced security management.
What are Security Groups in D365 BC?
Security Groups are just like User Groups.
Security groups are new to Business Central in 2023 release wave 1.
They're similar to the user groups.
Like user groups, administrators assign permission sets to the security group.
Security groups will replace user groups in a future release. You can continue using user groups to manage permissions until then.
Steps to Create Security Groups in D365 BC
A prerequisite for using security groups in Business Central is that you create Azure Active Directory security groups and add members to them either in the Microsoft 365 admin center or in the Azure Active Directory portal.
So, let's first create the Azure Active Directory security groups and add members to them.
1) Go to Azure for your BC tenant through the below URL: https://portal.azure.com/
You should get the page as shown below. Click on the Azure Active Directory.
2) Click on Groups.
3) Click on New Group.
4) Now, update the fields as shown in the screenshot.
You can have the Group Name & Group Description as per your requirement.
Let's add members to the Security Group. For Instance: I want to add user Aman Saxena to the Security Group named D365 BC Finance.
Click on the No Members selected hyperlink. Then search the member in the search box and click on the member name.
5) Please verify if it is now showing under the Selected Items.
6) Note that now Under Members the hyperlink has changed to 1 member selected. Click on Create to confirm the creation of the security group with 1 member.
7) You can see the notification confirming the successful creation of the Security Group in Azure.
You can now see it under the list of available Azure groups with Group type = Security.
Now let's create the security group in D365 Business Central or in other words link the security group created in Azure Active Directory to BC.
8) Search for Security Groups in the search box (also known as Tell Me).
9) Click on New action.
10) Click on the ellipsis for AAD Security group name field.
11) You can see the Available Security Groups created on Azure here. Select the security group and click on Ok.
12) The Code field will be populated with the same name as the AAD Security group name. You can change it to give a more personalized name as per your need for referring in BC.
Click on OK to confirm the creation of the Security Group in BC.
You can see now it is showing under the Security Group list page and in the fact box the added member is also showing.
Add Permission Sets to the Security Groups
Adding Permission Sets in Security Groups is similar to adding Permission Sets in the User Group.
1) On the Security Groups list page you can find two options to add permission sets to the Security Groups. a) Permissions
b) Permission Set By Security Group
2) If you select Permission action, then you will get the below page. You can just click on new and select the Permission Sets from the lookup.
3) Also, you can select the Permission Set By Security Group action and add the permission sets in the Security group by selecting the checkboxes against the concerned security group column.
Migrating from existing User Groups to Security Groups
What to do if User Groups are existing in the system, are in use, and you want to switch to Security Groups?
It has been made clear by Microsoft that User Groups will be deprecated in the future release. So if anyone is using User Group they will now want to move to Security Groups.
How to achieve this? Well. Don't worry.
You can run the User Group Migration assisted setup guide to migrate them. The User Groups Migration guide runs automatically when you enable Feature: Convert user group permissions on the Feature Management page.
It is quite self-explanatory. So I will not show it step by step here.
That's all in this blog.
Hope it helps! Cheers! 🥂
Comments