Configure Lifecycle Services security

Security in Microsoft Dynamics Lifecycle Services (LCS) is controlled at both the organization level and the project level. Not all members of an organization have access to all projects. Additionally, the members of a project might not all be members of the same organization.

For the current version of Microsoft Dynamics 365 for Finance and Operations, users can sign in by using the Microsoft Azure Active Directory (Azure AD) credentials that they created in the Microsoft Office 365 portal when they signed up. Users who are administrators for their organization in Azure AD will be administrators in Microsoft Dynamics Lifecycle Services (LCS). For Microsoft Dynamics AX 2012, organization-level access to LCS is controlled by the association of a person’s Microsoft ID with an organization in CustomerSource or PartnerSource. Therefore, users of CustomerSource or PartnerSource automatically have access to their organization’s workspace in LCS, and can view all projects that they have been invited to participate in. Users who are administrators for their organization in CustomerSource and PartnerSource will be administrators in LCS. Although an administrator can invite people who don’t have CustomerSource or PartnerSource credentials to be members of an organization in LCS, we don't recommend this approach. People who are invited to be members of an LCS organization aren't provided with credentials in CustomerSource or PartnerSource. Project-level access to LCS is by invitation. You can invite members of your organization to be project owners and team members. Additionally, you can invite users who aren't part of your organization, and who don't have accounts in Azure AD or CustomerSource or PartnerSource, to be team members. Important: We strongly recommend that you manage all users within your company at the organization level. In that way, you help guarantee that their relationship with your organization is correct in CustomerSource, PartnerSource, and Azure AD. Additionally, you help guarantee that users can access the benefits that are available to your organization.

Manage LCS organization users

Only an administrator can manage users. Follow these steps.

  1. In CustomerSource, PartnerSource, or Azure AD, associate all the users in your organization who require access to LCS with your organization. Users might have to wait up to two business days before they can sign in to LCS.
  2. Add your users to the appropriate projects in LCS.

Invite a user to an LCS project

  1. Sign in to LCS.
  2. Click the project to add the user to.
  3. Click the Project users tile, and then, on the Project users page, click the plus sign (+).
  4. Enter the user’s email address, select the correct security role, and then click Invite.

Working with CustomerSource and PartnerSource

The information in this section is intended to help you access CustomerSource or PartnerSource.

Signing in to CustomerSource or PartnerSource

Visit the CustomerSource sign-in page, and enter the user name and password for your Microsoft account (previously known as Windows Live ID) to access the site. If you don't have access to your organization’s CustomerSource account, follow the steps on the How to sign in to CustomerSource page.

Determining the administrator for your organization in CustomerSource or PartnerSource

If you don’t know your CustomerSource administrator, or if your organization doesn’t have a CustomerSource administrator, send an email message to itmbssup@microsoft.com for help.

Configuring project security

You can invite users from inside or outside your organization to join your project as users. The following table describes the roles that are available for users.

Role Description
Project owner Members of this role have access to all tools in LCS, can add other users in any role, and can delete the project.
Environment manager Members of this role have access to all tools in LCS and can manage cloud-hosted environments.
Project team member Members of this role have access to all tools in LCS but can't manage cloud-hosted environments.
Project team member (prospect) Members of this role have limited access to all tools in an LCS project. Prospects are users who have been added to a project, but who don't have an account in VOICE or an Azure AD account. You can identify that a user is a prospect, because prospect is listed as his or her organization.
Operations user Members of this role have access to the following tools in LCS:
  • System diagnostics
  • Issue search
  • Cloud-powered support
  • Updates
  • Cloud-hosted environments

After you've configured security for one project, you can import the users to another project.