Lifecycle Services security


This unit will help you understand how you can add users to projects within Lifecycle Services and which users might require access to certain features.

To create a user in Lifecycle Services, you must first identify where the user comes from.

The user might be present in the customer's Microsoft Entra Domain Services as a native user. The user might be invited to the customer's Microsoft Entra ID as a guest. Or, the user might come from a foreign Microsoft Entra tenancy.

You'll need to invite the user to the Lifecycle Services project by using the user's Microsoft Entra login ID. This won't always be the same as their email address but often is. After the user is invited to the Lifecycle Services project, that user is automatically created in the Lifecycle Services organization.

Before you begin to add users to finance and operations apps, you must know what domain that user is in. This user could be in a Microsoft account or another external Microsoft Entra ID domain, or the user could be in the same tenant as the Microsoft Entra ID presence of the application. You can get this information from your network administrator. You must know the user's email.

In finance and operations apps, each user must be assigned an internal user ID. This user ID must not exceed 20 characters and can't be duplicated within the environment. This user ID can match the prefix of the user's email. If the user is in the same Microsoft Entra tenant, the Import button can be used to load the user directly into finance and operations apps from Microsoft Entra ID.
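A pre-check for a batch of users before they are added, as an added example that is not Microsoft's code: it proposes each internal user ID from the login ID prefix, flags IDs over 20 characters or duplicated in the batch, and marks which users are in the application's own tenant. The function name, domain names, sample logins and the case-insensitive duplicate comparison are assumptions.

```python
from collections import Counter

MAX_USER_ID_LEN = 20  # limit stated above for the internal user ID


def review_users(login_ids, tenant_domains):
    """Check proposed user IDs (login ID prefix) for a batch of login IDs.

    tenant_domains: domains of the application's own Microsoft Entra tenant
    (hypothetical values here; get the real ones from your administrator).
    """
    tenant_domains = {d.lower() for d in tenant_domains}
    parsed = [login.partition("@") for login in login_ids]
    # Assumption: IDs differing only in case are treated as duplicates.
    seen = Counter(prefix.lower() for prefix, _, _ in parsed)
    findings = []
    for login, (prefix, at, domain) in zip(login_ids, parsed):
        problems = []
        if not (prefix and at and domain):
            problems.append("malformed login ID")
        if len(prefix) > MAX_USER_ID_LEN:
            problems.append("user ID longer than 20 characters")
        if seen[prefix.lower()] > 1:
            problems.append("duplicate user ID in batch")
        findings.append({
            "login": login,
            "user_id": prefix,
            # Same-tenant users can be loaded with the Import button.
            "same_tenant": domain.lower() in tenant_domains,
            "problems": problems,
        })
    return findings


# Constructed sample input; names and domains are made up.
SAMPLE_LOGINS = [
    "alice@contoso.example",
    "Alice@partner.example",
    "bartholomew.fitzgerald-smythe@contoso.example",
    "dave@contoso.example",
]

if __name__ == "__main__":
    for f in review_users(SAMPLE_LOGINS, {"contoso.example"}):
        status = "; ".join(f["problems"]) or "ok"
        print(f'{f["user_id"]:<32} same_tenant={f["same_tenant"]!s:<5} {status}')
```

The check only sees duplicates within the batch; user IDs that already exist in the environment need a separate comparison.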

All users in a Lifecycle Services project can collaborate with each other during the implementation, follow the methodology, and share artifacts by using Microsoft OneDrive or SharePoint folders.

Microsoft Azure subscription

To deploy finance and operations apps to Microsoft Azure via a Lifecycle Services project, you must have an Azure subscription, grant appropriate access permissions to the Azure resource named Dynamics Deployment Services, and finally enable Azure Resource Manager (ARM).

To use Azure Resource Manager (ARM) based deployment, the tenant administrator of the organization that owns the subscription must grant access to the applications on the tenant. To do this, or to verify if this exercise has already been completed, select the Authorize link for the tenant that owns the subscription that you'll use for deployment. If access hasn't been granted, or if you aren't the administrator of the tenant, ask your administrator to complete the activity so that you can deploy ARM-based topologies through Lifecycle Services.

After Dynamics Deployment Services [wsfed-enabled] has been assigned the Contributor role, you can continue by downloading the certificate.

This certificate must be uploaded to your Azure subscription to establish connectivity between Lifecycle Services and the Azure portal. Without this link, you can't deploy finance and operations apps in the Azure cloud.