Configure Lifecycle Services (LCS) security
Important
As part of the One Dynamics One Platform work effort, some Microsoft Dynamics 365 Lifecycle Services (LCS) features have been deprecated. For more information, see Removed or deprecated platform features.
Security in Microsoft Dynamics Lifecycle Services (LCS) is controlled at both the organization level and the project level. Not all members of an organization have access to all projects. Additionally, the members of a project might not all be members of the same organization.
Currently, users can sign in by using the Microsoft Microsoft Entra credentials that they created in the Microsoft 365 portal when they signed up. Users who are administrators for their organization in Microsoft Entra ID will be administrators in Lifecycle Services (LCS).
Project-level access to LCS is by invitation. You can invite members of your organization to be project owners and team members. Additionally, you can invite users who aren't part of your organization, and who don't have accounts in Microsoft Entra to be team members.
Important
We strongly recommend that you manage all users within your company at the organization level. Additionally, you help ensure that users can access the benefits that are available to your organization.
Organizational roles
There are three types of organizational roles in LCS:
- Admin
- Contributor
- Delegated admin
Organization admin
At the organization or tenant level, anyone who has the Global Administrator role in Microsoft Entra ID automatically becomes an organization admin when they sign in to LCS. These admins can then promote other users who are currently contributors to admins. Admins have unique capabilities. For example, they can add themselves as a project owner to any project that is owned by their tenant, even if they weren't previously part of that project.
In addition, admins can create additional LCS implementation projects by following the steps in Create multiple LCS projects.
Organization contributor
Contributors are other users from your Microsoft Entra tenant, but they don't have admin capabilities. Contributors can create projects. They can also create the first implementation project if they are the first user of their tenant to sign in, and if they do so after the purchase of applicable finance and operations apps licenses.
Delegated admin
The delegated admin role is identical to the admin role, except the user is from a Microsoft partner tenant and has an established relationship with the customer organization. The delegated admin can sign in on behalf of the customer, and can perform required operations and provide required support.
Manage LCS organization users
Only an administrator can manage users. Follow these steps.
- In PartnerSource Business Center (PSBC) or Microsoft Entra ID, associate all the users in your organization who require access to LCS with your organization. Users might have to wait up to two business days before they can sign in to LCS.
- Add your users to the appropriate projects in LCS.
Invite a user to an LCS project
- Sign in to LCS.
- Select the project to add the user to.
- Select Project users on the hamburger menu or the Project users tile, and then, on the Project users page, select the plus sign (+).
- Enter the user’s email address, select the correct security role, and then select Invite.
Note
For implementation projects, you can select the implementation role for the invited user. If you set Allow FastTrack to contact to Yes, then Microsoft FastTrack team may reach out to you based on your implementation role and the stages of the implementation project.
Configuring project security
You can invite users from inside or outside your organization to join your project as users. The following table describes the roles that are available for users.
| Role | Description |
|---|---|
| Project owner | Members of this role have access to all tools in LCS, can add other users in any role, and can delete the project. |
| Environment manager | Members of this role have access to all tools in LCS and can manage cloud-hosted environments. |
| Project team member | Members of this role have access to all tools in LCS but can't manage cloud-hosted environments. |
| Project team member (prospect) | Members of this role have limited access to all tools in an LCS project. Prospects are users who have been added to a project, but who don't have an account in VOICE or an Microsoft Entra account. You can identify that a user is a prospect, because prospect is listed as the organization. |
| Operations user | Members of this role have access to the following tools in LCS:
|
After you've configured security for one project, you can import the users to another project.
Configure implementation roles
If you have an implementation project, you will have the option to specify project user's implementation roles. For more information, see Roles in a Dynamics 365 implementation.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for