AX: How to enable the Contoso personas
When you deploy a machine with the new Microsoft Dynamics AX on Azure or download a virtual machine, the environment contains users with restricted rights. In previous versions of Dynamics AX you could directly use the Contoso users for your demonstrations to show what it looks like when a user has only certain roles assigned. In Microsoft Dynamics AX you will receive an error when the user is not recognized in your own tenant. This post will tell you how you can use the Contoso personas within your own environment without creating new demonstration users in your own Azure Active Directory.
Contoso personas
When Microsoft created the Contoso demonstration company, they also did investigation which personas would be working in the fictional company. So users and example roles are provided as outcome. When you look at the current demonstration database there are some users like:
- Charlie Carson : Chief executive officer
- Susan Burk: Sales clerk
- Tim Litton: Information technology manager
When you login as one of the Contoso employees the number of functionality is limited, meeting the permissions of this user and demonstration is more smoothly. The audience will not be overwhelmed by all possible functionality, but can focus on the process being demonstrated.
However when you run Microsoft Dynamics AX on your own tenant, login with a Contoso user is not working. Even when the user is enabled. You have to change settings on the users to be able to activate them running in your environment.
Activate Contoso users
Update: The users on the contosoax7.onmicrosoft.com tenant are not available anymore. You can actually use users from your own Azure AD. Replace the Alias field with the email address of one of your own users. Continue to read this blog as it still contains valuable information.
Microsoft Dynamics AX is using Azure Active Directory for user authentication. Where you could setup a federation and have claims based users in Microsoft Dynamics AX 2012, you can now setup any user in your Microsoft Dynamics AX environment. There is only one rule. If the users does not belong to your Azure tenant, you have to specify the domain from the third party within the Domain field of the AX user.
By default the value in this field is https://sts.windows.net/. To have a third party user activated you need to add the domain behind this value. In this example this is contosoax7.onmicrosoft.com. So the full domain should be filled with the next value: https://sts.windows.net/contosoax7.onmicrosoft.com. When you save the user record, AX will also retrieve the Identity provider and a correct SID value. This will also work with any other third party domain when the users are setup as user in an Azure Active Directory.
Now you are able to start Microsoft Dynamics AX using the credentials from e.g. Susan. Open a browser and use the next credentials:
Username: susan@contosoax7.onmicrosoft.com
Password: Pass1Word
Note that some Contoso users might have other passwords. The most are setup using the password as mentioned above. The workspace and available menus will now look like the screenshot below for the sales clerk. You can notice that the default dashboard already contains less options. The same is valid for the main menu compared with system administrator rights.
There is more…
Changing about 80 Contoso users for the Domain field is a bit of a boring job. It can take some time to complete this task. To help myself I created a runnable class which will update the Contoso users to have the correct network domain filled as well as 2 related security fields. With the help of Visual Studio you can also implement this coding to update the values for the users in the current partition. Below I will share you these details. Note that using this code is at your own responsibility. Prevent changing users from your own domain. Wrong information in the user table might lock out those users.
In the next example I’m assuming you have an extension model created. A reference to the Application Platform and Application Foundation model are required. You have to create a new project and add a new item based on a Runnable Class. A runnable class is the replacement for the Jobs which were implemented as scripting tools in the previous versions of AX.
I named it ActivateContosoPersonas. In the code editor, type the next coding:
class ActivateContosoPersonas { /// <summary> /// Runs the class with the specified arguments. /// </summary> /// <param name = "_args">The specified arguments.</param> public static void main(Args _args) { AxaptaUserManager manager = new AxaptaUserManager(); UserInfo userInfo; xAxaptaUserDetails userDetails; var contosoTenant = "contosoax7.onmicrosoft.com";
ttsbegin; userInfo.skipAosValidation(true);
while select forupdate userInfo { if (strContains(userInfo.NetworkAlias, contosoTenant) && !strContains(userInfo.networkDomain, contosoTenant)) { userInfo.networkDomain += contosoTenant; UserInfo.IdentityProvider = Microsoft.Dynamics.AX.Security.AuthenticationCommon.AadHelper::GetCanonicalIdentityProvider(UserInfo.networkDomain); userDetails = manager.getSIDFromName(UserInfo.networkAlias, UserInfo.IdentityProvider, UserInfo.accountType); userInfo.sid = userDetails.getUserSid(0); userInfo.update(); } }
ttscommit;
}
}
Then save the changes. You have to set the new runnable class as Startup Object. Then you can build and run the solution. When everything is compiled correctly, this runnable class will open an Internet browser and show you when the code is complete.
Now all users are migrated to be able to log on to Microsoft Dynamics AX. Note that some users might have other passwords setup. Also I don’t have information if and when the users will be retired from Azure Active Directory by Microsoft. But in the meantime (hopefully will last forever)… Enjoy!
Please share your thoughts and experiences in the comments below.
That’s all for now. Till next time!
Hi André ,
Is RTW version allowing to login with Domain contosoax7.onmicrosoft.com .?
I have downloaded RTW Version but haven’t installed yet. I think previous version like CTP8 is not allowing to use domain contosoax7.onmicrosoft.com, we are using our own 365 subscription.
Thanks André for sharing! And to answer Sohaibs question: Yes the code and the contoso personas also works in RTW.
Hi Paul,
Thanks for reading the blog and verifying the code. I’m glad it also works for you.
Hi Sohaib,
Just because you have to use your own tenant (365 subscription), initially the Contoso users cannot be used as they are not part of your own tenant. So this is the way to “activate” them. In fact for all CTP versions and RTW you have to use your own tenant. The code is written based on the RTW version. I have not tested it on previous CTP builds.
Thank you so much. I have been searching for this!
Hi Andre
Just trying to access with multiple users in an AX7 Virtual Machine on my pc.
I have used the Admin Prov. Tool to get my account to access and it works – great.
But have not been able to able to setup standard Contoso users like CHARLIE to work in the VM (in combination with my user).
Do you have any suggestions?
Hi James,
Thanks for reading the blog. To be honest I don’t understand exactly what you are trying to achieve. Do you want to link the worker CHARLIE to your Admin user account?
Hi Andre,
We are on a AX 2009 on-premise environment. Today, we have users from just one network domain. We have multiple network domains in the company. What is involved in adding users from other network domains.
Thanks.
Hi André,
In update 4 the default domain has changed to https://sts.windows-ppe.net/ and all users have email addresses on taeofficial.ccsctp.net (like CLAIRE@taeofficial.ccsctp.net) instead of contosoax7.onmicrosoft.com. I have tried setting up different values for users and logging in, but with no success. I get the error message at login that this user does not exist. Any ideas on how to log in with different users in update 4?
Thanks,,
Anna
Hi André
In update 4, the domain has changed to https://sts.windows-ppe.net and the users have usernames on taeofficial.ccsctp.net (like CHARLIE@taeofficial.ccsctp.net). I have tried different ways to log in with different users, but without success. Have you got any idea on how to log in as another user in update 4?
Thanks,
Anna
Hi Anna,
Thanks for reading the blog. Update 4 is a platform update. Did you deploy a new machine on Azure? I haven’t done this yet, so I don’t know with what domain users are setup.
You can try the pattern provided in my blog. That means try: https://sts.windows-ppe.net/taeofficial.ccsctp.net as domain for the demo users.
Hi Andre,
I downloaded D365 operations version 1611 platform update 3, and can see the network domain as https://sts.windows-ppe.net and network alias is taeofficial.ccsctp.net. I manually updated the values in SQL management studio as per your job for Admin user, but I can’t access AX workspace with the following credentials:
Username : administrator@taeofficial.ccsctp.net
Password: pass@word1
This issue is driving me nuts. I want to access AX workspace in order to do some urgent estimation for development tasks, but stuck in this issue. Can you please help ?
Hi Syed,
Did you download the VM which can be run locally on Hyper-V? If so, you have to use the Admin provisioning tool to initialize your own Azure AD/O365 account. See also: https://ax.help.dynamics.com/en/wiki/access-microsoft-dynamics-ax-7-instances-2/.
My blog was subject to activate the other (common) users with standard Demo credentials.
kind regards,
André
Hi Anna!
The updated domains and email addresses didn’t work for me either.
I had to specify https://sts.windows.net/contosoax7.onmicrosoft.com as the domain and change the email addresses to NAME@contosoax7.onmicrosoft.com to be able to log in with the contoso accounts. So the setup needs to be reverted to the values described in the original blog post.
Regards,
David
I use Susan and it works. I change provider to :
https://sts.windows.net/contosoax7.onmicrosoft.com
and change email to :
SUSAN@contosoax7.onmicrosoft.com
This worked perfect, but the passwords have been changed.
Does anyone know the new passwords?
Kind regards,
Jan van Maanen
Hi Jan,
Unfortunately, I don’t know if there are new passwords or if the users have been disabled by Microsoft.
Hi Andre,
I’ve been using Susan for some time now as I find it invaluable for testing security settings, however some time in the last couple of weeks, I’ve been unable to login with any of the contoso users, do you know if they’ve been disabled for some reason?
thank you
Antony
Hi Antony,
I think Microsoft did change their demo users. The domain is different now. Also the password might have been changed or indeed the user can be disabled/removed by Microsoft.
kind regards,
André
Did anyone figure out the new password for the users, or do we have to create new users in our own AAD?
Hi Søren,
At this moment it would be the best to create own users in AAD. You can then change the email on existing users or create new users.
kind regards,
André
It HAS to be on a new DEMO AAD? so the adresses are always @….onmicrosoft.com?
Hi Søren,
It can be any AAD. The suffix .onmicrosoft.com is not required.
kind regards,
André
And then it should be possible just to change the Provider to e.g. Axsoft.dk nad then change the users email i D365?
Hi Søren,
If the deployment and admin account are running on this domain, you can just run with the setting ‘https://sts.windows.net/’. Otherwise you need to add the domain behind this part.
kind regards,
André
Thanks it worked… I changed the Provider field to my domain and that was a mistake… chaning it back to ‘https://sts.windows.net/’. did the trick… users from another domain works if I put their domain after the provider.: ‘https://sts.windows.net/Anotherdomain.dk’