Partner Access to the Customer Environment
Note: The GDAP request that LS Retail makes to the customer (in step 4) only provides LS Retail Support team access to the BC environment for a limited amount of time; it does not provide access for partners.
Partners need to create a separate GDAP request for the customer from their Partner Center.
Option A - Using GDAP (recommended)
Partners should create a separate GDAP request for the customer from their own Partner Center tenant. This provides:
- Secure, least privileged access
- Time bound permissions
- No requirement for customer licenses
More information on how to do this:
- GDAP introduction: https://licensehelp.azurewebsites.net/Content/OpGuide2019/GDAP%20Instructions.htm
- How to obtain a GDAP: https://learn.microsoft.com/en-us/partner-center/customers/gdap-obtain-admin-permissions-to-manage-customer
- How to approve a GDAP: https://learn.microsoft.com/en-us/partner-center/customers/gdap-customer-approval
- GDAP FAQ: https://learn.microsoft.com/en-us/partner-center/customers/gdap-faq
Option B - External (guest) User Access
If the customer is for some reason is not able to accept the GDAP request from the partner the partner consultant can be added as an Azure AD B2B guest user.
- A Business Central user license must be assigned to the guest user.
- Appropriate BC roles and permission sets must be configured.
This option should be considered only when GDAP is not possible, as it requires additional licensing and manual maintenance.
More information:
- How to invite guest user (Azure AD B2B):
- Quickstart: Add a guest user and send an invitation [learn.microsoft.com]
- Invite guest & manage groups/apps: Add B2B collaboration users [learn.microsoft.com]
- Business Central license & role assignment:
- Authenticating Business Central Users with Microsoft Entra ID [learn.microsoft.com]
Step 6