December 22, 2015 3:21 pm

Using Multi-user and roles in Dev Center

Earlier this month we announced the release of one of the most requested features in Dev Center: support for multiple users in a single Dev Center account with the ability to manage access through roles. With multi-user there is much greater account management flexibility. For example, you can now delegate engineering work to one individual or company while providing access to financial information to a different individual or company.

In this blog, I’ll walk you through some common scenarios that you might encounter with this new feature.
The multi-user access is managed through Azure Active Directory (AAD), and an Azure AD user account with admin permissions for your organization is required. You can visit the MSDN documentation for information on how to enable multi-users on your account, and you can also check out the Multi-user Support in Dev Center video on Channel 9.

Setting up the Azure Active Directory

The first step in setting up multi-users is to set up Azure Active Directory. We recommend you carefully consider your business goals before deciding on the Azure AD plan that works best for you and your apps. There are three different scenarios to consider:

  1. Your company currently has an Azure AD, and you can easily identify the admin for your Azure AD.
    1. You’re ready to go. Follow the instructions to link your Azure AD to your Dev Center account.
  2. Your company may have an Azure AD, but you cannot easily identify the admin for your Azure AD.
    1. We recommend you research this internally to identify your Azure AD admin, as unlinking an incorrect Azure AD requires opening a support ticket, can take several days, and can disrupt the use of the users that are accessing Dev Center. If your company does have an Azure AD but is unable to link someone with admin permissions to Dev Center, we recommend that you do not link your Azure AD to your Dev Center account at this time.
  3. Your company does not have an Azure AD.
    1. You’ll need to set up an Azure AD and have several options:
      1. Free Azure AD account: This option is best if you only plan to use Azure AD for multi-user roles, and have no plans to use it in any other capacity.
      2. Pay-as-you-go Azure AD account: This option is best if your organization may use Azure AD in a limited capacity for Dev Center only. Consider this option if your Dev Center “owner” may change at some point, or if you would like to use Azure AD for other Dev Center features like Windows Store Purchase API.
      3. Azure AD subscription: Azure AD offers identity and access management for all your cloud-based needs at affordable pricing. Consider this option if your organization uses cloud-based features on a regular basis.

Adding an external user or group to Dev Center

One of the most common scenarios in app development is when a company contracts another developer or company to create or contribute to an app. In this case, you may want to add a user or group to your Dev Center account, though they may not have an account in your Azure AD. The “Add a new user” or “Add a new group” options will allow you to add a user or group to your Dev Center account. This user or group’s permissions can later be added or removed from Dev Center, though it’s important to note that adding a user/group to Dev Center will also create a user/group in your Azure AD that can only be fully managed within Azure.

  1. To add a single user:
    1. From the “Manage users” option in “Account Settings”, select “Add user”. From the “Add user” screen, select the “New user” button at the top.
      1_newUser
    2. Complete the required fields. Note that the user name will be an email address under your company’s email domain. Select the appropriate role, and click “Save”.
      2_newUserData
    3. Dev Center will confirm the user has been added, and that an account has been created for the user. The user name and a temporary password will be provided. The user will be prompted to change their password the first time they log into Dev Center.
      3_confirmNewUser
  2. To add a group of users:
    1. From the “Manage users” option in “Account Settings”, select “Add group”. From the “Add group” screen, select the “New group” button at the top.
      4_addGroup
    2. Name your group, select the appropriate role for the group, and then select (or add) your users to the group.
      5_newGroupData
    3. Dev Center will confirm the users have been added to your account. You can manage the group via the “Editing a user” option.
      6_confirmGroupData
  3. Note: At this time, Visual Studio does not support Azure AD logins, which means that to package an app for Store submission, the “Developer” role must log in to Visual Studio with the primary Dev Center account credentials, rather than their Azure AD credentials. If this is an important scenario for your organization and you would like to see it supported, please vote for it in UserVoice.

Removing a user from Dev Center

There are two cases when you might want to remove a user from Dev Center: 1) the user has left your company or was a temporary employee/contractor that no longer works for you, or 2) the user has swapped roles within your company. It’s easy to remove or change the user’s role on your Dev Center account.

  1. To change a user’s role in Dev Center
    1. From the “Manage users” option in “Account Settings”, click on the user (or group) in question.
      7_manageUser
    2. Check the new access level you would like to assign to the user, and click “Save”. The user’s access will be updated next time they log in to Dev Center.
      8_devCenterUser
  2. To remove a user from Dev Center
    1. From the “Manage users” option in “Account Settings”, click on “Remove” from the user (or group) in question.
      9_manageUser
    2. Dev Center removes the user instantly, without a confirmation screen. Note that this does not remove the user from your organization’s Azure AD. Also note that you can add the user back in the future.

Enabling a third party developer to submit apps in Dev Center

Third party developers sometimes submit apps on behalf of an app publisher, and the “Developer” role allows the user to submit app packages. However, Visual Studio does not currently support Azure AD logins, so a developer will not be able to upload the package from Visual Studio if they don’t have access to the primary Dev Center account credentials. We are aware of this limitation, and are actively working to implement a solution for this scenario in 2016. If you think this is an important scenario to support sooner, please vote for it in user voice.

A workaround is available for Windows 8.x and Windows Phone 8.x apps, you can read more about it here.

Feedback

Our team is excited to bring you this much anticipated feature, and we look forward to introducing more functionality in future updates. As you explore and use these new capabilities, please send us feedback via the Windows Feedback tool, the “Feedback” button in Dev Center 10_feedback found in the bottom right.

Updated January 7, 2016 11:33 am

Join the conversation

  1. Why can’t we just use our existing Microsoft accounts and specify the members and roles on dev.windows.com?

  2. Oh yeh definitely voting this feature. Essentially the developer role is useless til this is complete.

    https://wpdev.uservoice.com/forums/110705-universal-windows-platform/suggestions/11171271-allow-users-with-the-developer-role-to-create-app

    “developer will not be able to upload the package from Visual Studio if they don’t have access to the primary Dev Center account credentials. We are aware of this limitation, and are actively working to implement a solution for this scenario in 2016”

  3. I don’t have Company Dev Center account.
    Is this also applicable to Individual Dev Center account type?
    If I integrate Azure AD to my Dev Center it will automatically converts to company account or it keeps my account as Individual type only?