Lab - Work with security

  • 30 minutes

Read this first - before you start the lab!

Important

For this lab, you CANNOT sign in with your own credentials. Use the following steps to sign in to your lab environment with the correct credentials.

  1. Ensure that you are signed in to Microsoft Learn.

  2. Select Launch VM mode or Sign in to launch VM mode in this unit.

  3. In the Resources tab on the lab side bar, select the T icon next to Password in the MININT box, to have the administrator password for the Virtual Machine entered for you.

    Screenshot of the administrator password.

  4. Select Enter.

  5. Microsoft Edge will open. Wait for it to navigate to the Sign in page for finance and operations.

  6. On the Microsoft Sign in page in finance and operations, place your mouse cursor into the Username field.

  7. On the Resources tab of the lab side bar, below the Azure portal heading, select the T icon next to Username, then press Enter.

    Screenshot of the Username field and the Sign in dialog box that appears.

  8. Your mouse cursor will now be in the Password page.

  9. On the Resources tab of the lab side bar, below the Azure portal heading, select the T icon next to select Password, then press Enter.

    Screenshot of the Password field the Enter password dialog box that appears.

  10. Don't stay signed in or store the password on the virtual machine.

  11. Select Accept in the Permissions requested page.

    Screenshot of the Permissions requested page.

  12. To see the lab instructions, select the Instructions tab on the lab side bar.

You can now begin your work on this lab.

Scenario - Create a new user and assign a security role

The HR department of company USMF has requested access to finance and operations apps for a new hired employee as an accounts payable clerk.

You must create a new user ID for the new hired employee and assign the default the company to USMF and associate the accounts payable clerk role.

  1. Go to System administration > Users > Users.
  2. Select New.
  3. In the User ID field, enter a unique identifier for the user. A user ID is required.
  4. In the User name field, enter John.
  5. In the Company field, select the drop-down button to open the lookup.
  6. In the list, select USMF.
  7. In the Email field, enter "john@contoso.com".
  8. Select Assign roles in the User's roles section.
  9. In the list, find and select Accounts payable clerk.
  10. Select OK.
  11. Select Save.

Scenario - Import users in bulk as a batch job

The HR department of company USMF is hiring new employees for different roles in the next few weeks. The active directory user accounts will be created as part of onboarding process. You must import many users from Microsoft Entra ID into finance and operations apps.

  1. Go to System administration > Users > Users.
  2. Select Batch import.
  3. Expand the Run in the background section.
  4. Select Yes in the Batch processing field.
  5. In the Task description field, type a value.
  6. In the Batch group field, enter or select a value, such as 'DOMBatch'.
  7. Select Yes in the Private field.
  8. Select Yes in the Critical Job field.
  9. In the Monitoring category field, select an option, such as 'Integration'.
  10. Select OK.
  11. After the batch job is completed, all new users from active directory will be imported in finance and operations apps.
  12. Close the page.

Scenario - Assign users to security roles dynamically

The HR department of USMF has requested to dynamically assign users to the Accounting supervisor role based on a criterion defined by HR department. Associate the Accounting supervisor role based on the rule defined by the HR department to the selected employees.

  1. Go to System administration > Security > Assign users to roles.
  2. In the tree, select Accounting supervisor.
  3. Select Add rule to open the drop dialog.
  4. In the list, find and select the wanted query rule, such as 'FMDynamicRoleAssignmentWorkerTitle'.
  5. In the list, select the link in the selected row.
  6. Select Edit query. You can change the query as you desire.
  7. Select OK.
  8. Close the page.

Scenario - Exclude users from a role assignment

The HR department of USMF has requested to remove access for the Accounts receivable clerk role in finance and operations apps for an employee who has changed role.

  1. Go to System administration > Security > Assign users to roles.
  2. In the tree, select Accounts receivable clerk.
  3. Select Manually assign / exclude users.
  4. In the list, select a user.
  5. Select Exclude from role to exclude the selected users from the role.
  6. To remove exclusions, select the users that you want to remove exclusions for, and then select Reset status.
  7. Close the page.

Scenario - Set up segregation of duties

The HR department of USMF has requested a rule for segregation of duties for the Access benefits workspace, and the Approve production journal. You must create the rule in finance and operations apps.

Complete the following procedure to create a rule. You must be a system administrator to complete the procedure. The demo data company used to create this procedure is DAT.

  1. Switch to companyDAT.
  2. Go to System administration > Security > Segregation of duties > Segregation of duties rules.
  3. Select New.
  4. In the Name field, enter a name for the rule.
  5. In the First duty field, select the drop-down button to open the lookup.
  6. In the list, find and select the first duty that is controlled by the rule, Access benefits workspace.
  7. In the Second duty field, select the drop-down button to open the lookup.
  8. In the list, find and select the second duty that is controlled by the rule, Approve production journal.
  9. In the Severity field, select the severity of the risk that occurs when the same user or role performs both duties.
  10. In the Security risk field, enter a description of the security risk.
  11. In the Security mitigation field, type a value.
  12. Enter a description of the actions that you take to mitigate the security risk.
  13. For example, you can mitigate the risk by conducting more detailed reviews of the process, by conducting a monthly managerial review, or by sharing resources with other departments.
  14. Select Save.
  15. Close the page.

Close the lab environment

  1. Select Done in the Instructions pane in the lab side bar.
  2. In the Lab is complete window, select Continue, and then select Leave to return to the next unit in the module.