in Online, for users to synchronize they need to meet 4 conditions:
– they need to exist in AzureAD. This means that the user login should be done with email@example.com and not in the form domainusername, and with the password for the AzureAD
– They need to be enabled in AzureAD.
– They need a valid license. This means either a Dynamics license, or a PowerAutomate, PowerApps, etc license.
– If the environment has a security group associated, the users need to be part of the security group.
If your users meet these conditions, they’re automatically “Created” (Synchronized) to the Online environment.
In order to login, they would also need a security role assigned. Security roles can be assigned directly to them, or through a Team within Dynamics. Once the users are added to the team, they will inherit the role.