Azure Active Directory (Microsoft Entra ID) authentication

Turn on the integration from Gillie to Azure Active Directory

Add Gillie's roles to Active Directory

Add Gillie's teams to Active Directory

1. Turn on the integration from Gillie to Azure Active Directory

  1. Log in to Gillie as an admin user
  2. Click Integrations in the left menu
  3. Click the +New button
  4. From the list, select Azure openid
  5. Turn on the Active toggle
  6. Give the integration a descriptive name
  7. Enter the domain part of the AD email addresses (for example, if the email is firstname.lastname@gillie.onmicrosoft.com, enter gillie.onmicrosoft.com)
  8. Enter the UUID identifier (Directory ID) of the Azure directory
    1. Sign in to Azure
    2. Select Active Directory and then Properties
    3. Copy the Directory ID from Active Directory to Gillie (see image below)
  9. In Gillie, turn on the Automatic user creation toggle (creates users in Gillie based on AD information)
  10. In Gillie, click Save
  11. Log in to Gillie with
    1. a user ID that has AD admin rights, or
    2. a normal user ID, with a person who has AD admin rights present.
  12. The Azure service opens the Permissions requested window (see screenshot below). Turn on Consent on behalf of your organization. If the person who logged in does not have the right to grant consent, the person with admin rights must enter their own credentials at this point to grant it. After this, regular AD users can read group information from Active Directory when logging in to Gillie. Before granting consent, check that the browser address bar starts with https://login.microsoftonline.com and that the permissions listed are the group-read permissions described here: consent given on behalf of the organization applies to every user in the directory, so it must only be given on the genuine Microsoft sign-in page.
  13. Note! The AD admin is usually not a Gillie user and does not have Gillie's role information in AD. For this reason, after consent is granted, Gillie returns the AD admin user to the Gillie login page. Consent has nonetheless been granted.

Image: In Azure, set the right (Consent on behalf of your organization) for an ordinary user to read group information from Active Directory.

Image: Copy the Directory ID from Azure to Gillie. When the Automatic user creation switch is on, the user's rights are copied from AD to Gillie every time the user logs in to Gillie.

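The two values entered in steps 7 and 8, the email domain and the Directory ID, are what let a tenant-restricted OpenID Connect login reject accounts from any other Azure directory: an Azure AD ID token carries the tenant GUID in its tid claim and in the issuer URL, and the signing-in account's address in claims such as preferred_username. The Python below is an added illustration of that check, not Gillie's code; the claim values, the settings object and the function names are constructed for the example, and signature and expiry verification are assumed to have been done already by the OIDC library.

```python
from dataclasses import dataclass

LOGIN_HOST = "https://login.microsoftonline.com"


@dataclass(frozen=True)
class AzureOpenIdSettings:
    """Hypothetical settings object holding the two values from steps 7 and 8."""
    directory_id: str   # tenant GUID copied from Azure AD > Properties
    email_domain: str   # part after '@' in the directory's email addresses


def expected_issuers(directory_id: str) -> tuple:
    """Issuer URLs Azure AD writes into ID tokens for one tenant (v2.0 form and the older v1 form)."""
    return (
        f"{LOGIN_HOST}/{directory_id}/v2.0",
        f"https://sts.windows.net/{directory_id}/",
    )


def account_domain(claims: dict) -> str:
    """Domain of the signing-in account; the address lands in different claims, so check the usual ones."""
    for key in ("preferred_username", "upn", "email"):
        value = claims.get(key)
        if value and "@" in value:
            return value.rsplit("@", 1)[1].lower()
    return ""


def check_login(claims: dict, settings: AzureOpenIdSettings) -> tuple:
    """Return (accepted, reason) for already signature-verified ID token claims."""
    tid = (claims.get("tid") or "").lower()
    if tid != settings.directory_id.lower():
        return False, f"tenant mismatch: token tid={tid or '<missing>'}"
    iss = claims.get("iss", "")
    if iss.lower() not in tuple(i.lower() for i in expected_issuers(settings.directory_id)):
        return False, f"unexpected issuer: {iss}"
    domain = account_domain(claims)
    # Compare the whole domain, never a suffix: an account at
    # evilgillie.onmicrosoft.com must not pass for gillie.onmicrosoft.com.
    if domain != settings.email_domain.lower():
        return False, f"account domain {domain or '<missing>'} is not {settings.email_domain}"
    return True, "ok"


# Constructed sample values (not a real tenant or token).
SAMPLE_SETTINGS = AzureOpenIdSettings(
    directory_id="11111111-2222-3333-4444-555555555555",
    email_domain="gillie.onmicrosoft.com",
)
SAMPLE_CLAIMS = {
    "iss": f"{LOGIN_HOST}/{SAMPLE_SETTINGS.directory_id}/v2.0",
    "tid": SAMPLE_SETTINGS.directory_id,
    "preferred_username": "firstname.lastname@gillie.onmicrosoft.com",
    "groups": ["gillierole_staff", "gillieteam_kaunisjarvi"],
}

if __name__ == "__main__":
    print(check_login(SAMPLE_CLAIMS, SAMPLE_SETTINGS))
    print(check_login(dict(SAMPLE_CLAIMS, tid="99999999-0000-0000-0000-000000000000"), SAMPLE_SETTINGS))
```

The tenant check comes first because the email domain alone is not a tenant boundary: any directory can contain an account whose address uses a look-alike domain, whereas the tid and issuer are set by Microsoft's token service for the directory that actually authenticated the user.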
How do I give an AD user access to all clients?

  1. In AD, add the user to the group (in this example, gilliegroup_all) that you want to grant access to all clients.
  2. Log in to Gillie as an administrator and switch to the administrator view
  3. Click Integrations in the left menu
  4. Select the Azure Open ID integration
  5. Enter the name or ID of the AD group that gives its members access to all clients
  6. Save the changes

Note! The AD group name entered here must not start with gillieteam_ or gillierole_; those prefixes are reserved for the naming-convention groups described in sections 2 and 3.

Image: Gillie's integration states that users belonging to the AD group gilliegroup_all have access to clients in all teams.

2. Add Gillie's roles to Active Directory

Role names

The default roles are (the role identifier used in AD is in parentheses):

  • Family member (self)
  • Professional (staff)
  • Admin (admin)

Customizable roles

You can create your own roles in addition to the default roles, for example a role called customrole (write the name of the role in Gillie in lower-case letters).

Roles are determined from groups in AD. There are two ways to define them:

1. Freely chosen name. The names or IDs of the AD groups that assign the roles are entered in Gillie. The advantage is that you can choose the AD group names freely; the corresponding disadvantage is that you have to enter the AD group names in Gillie.

2. Naming convention. In AD, the group name has the form gillierole_<role>. For example, the Professional role is gillierole_staff, and the custom role above becomes gillierole_customrole in AD. Names are case sensitive, so gillierole_Staff does not match the staff role. Special characters, Scandinavian letters (å, ä, ö) and spaces cannot be used.

A user can have multiple roles.

Instructions for adding roles to Active Directory

  1. Sign in to Azure
  2. Click Azure Active Directory
  3. Click Groups
  4. Click New Group
  5. Add the group (e.g. gillierole_staff)
  6. Add users to the group

Image: Name the group gillierole_<role> and add the users to the group.

Image: In AD, the role Professional (gillierole_staff) and the team Kaunisjärvi (gillieteam_kaunisjarvi) have been added. Gillie's role and team correspond to the AD groups.

3. Add Gillie's teams to Active Directory

Team names

1. Freely chosen name. The names or IDs of the AD groups that assign the teams are entered in Gillie. The advantage is that you can choose the AD group names freely; the corresponding disadvantage is that you have to enter the AD group names in Gillie.

2. Naming convention. In AD, the group corresponding to a Gillie team is named gillieteam_<team name>. Names are case sensitive. Special characters, Scandinavian letters (å, ä, ö) and spaces cannot be used in Gillie team names. For example, a team named Kaunisjärvi is set up in Gillie under the name kaunisjarvi, and its group in AD is gillieteam_kaunisjarvi.

Instructions for adding teams to Active Directory

  1. Sign in to Azure
  2. Click Azure Active Directory
  3. Click Groups
  4. Click New Group
  5. Add the team group (e.g. gillieteam_kaunisjarvi)
  6. Add users to the group

Teams are automatically created in Gillie

Note! If an AD user belongs to a team group in AD (e.g. gillieteam_kaunisjarvi) and there is no corresponding team in Gillie, Gillie automatically creates a team record with the name kaunisjarvi.
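The rules in sections 1 to 3 can be applied together to the list of groups a user holds in AD: freely named groups entered in the integration settings (including the group that grants access to all clients) are looked up directly, gillierole_<role> and gillieteam_<team> groups are matched by the naming convention, names are compared case sensitively, names with forbidden characters are rejected, and a team group with no matching Gillie team creates the team. The Python below is an added illustration of those rules and is not Gillie's code. The exact character set (ASCII letters and digits only), the handling of a convention-named role that does not exist in Gillie (ignored rather than created) and the sample group list are assumptions.

```python
import re
from dataclasses import dataclass, field

ROLE_PREFIX = "gillierole_"
TEAM_PREFIX = "gillieteam_"
RESERVED_PREFIXES = (ROLE_PREFIX, TEAM_PREFIX)
DEFAULT_ROLES = frozenset({"self", "staff", "admin"})

# Assumed reading of "no special characters, Scandinavian letters or spaces".
NAME_RE = re.compile(r"^[A-Za-z0-9]+$")


@dataclass(frozen=True)
class IntegrationConfig:
    """Hypothetical view of what an admin enters in the Azure Open ID integration."""
    all_clients_groups: frozenset = frozenset()          # groups granting access to all clients
    role_groups: dict = field(default_factory=dict)      # freely named AD group -> Gillie role
    team_groups: dict = field(default_factory=dict)      # freely named AD group -> Gillie team
    known_roles: frozenset = DEFAULT_ROLES               # roles that exist in Gillie


def config_errors(cfg: IntegrationConfig) -> list:
    """Freely named groups must not start with the reserved prefixes."""
    return [
        f"{name}: reserved prefix"
        for name in (*cfg.all_clients_groups, *cfg.role_groups, *cfg.team_groups)
        if name.startswith(RESERVED_PREFIXES)
    ]


@dataclass
class Access:
    roles: set = field(default_factory=set)
    teams: set = field(default_factory=set)
    all_clients: bool = False
    created_teams: set = field(default_factory=set)   # teams Gillie would create on this login
    ignored: dict = field(default_factory=dict)       # AD group -> reason it was not applied


def resolve_access(ad_groups, cfg: IntegrationConfig, existing_teams) -> Access:
    """Derive a user's Gillie roles and teams from the AD groups seen at login."""
    acc = Access()
    for g in ad_groups:
        if g in cfg.all_clients_groups:
            acc.all_clients = True
        elif g in cfg.role_groups:
            acc.roles.add(cfg.role_groups[g])
        elif g in cfg.team_groups:
            acc.teams.add(cfg.team_groups[g])
        elif g.startswith(ROLE_PREFIX):
            role = g[len(ROLE_PREFIX):]
            if not NAME_RE.fullmatch(role):
                acc.ignored[g] = "invalid characters in role name"
            elif role not in cfg.known_roles:          # exact, case-sensitive match required
                acc.ignored[g] = "no such role in Gillie (names are case sensitive)"
            else:
                acc.roles.add(role)
        elif g.startswith(TEAM_PREFIX):
            team = g[len(TEAM_PREFIX):]
            if not NAME_RE.fullmatch(team):
                acc.ignored[g] = "invalid characters in team name"
            else:
                acc.teams.add(team)
                if team not in existing_teams:
                    acc.created_teams.add(team)
        # any other group is unrelated to Gillie and is skipped
    return acc


# Constructed sample data.
SAMPLE_CONFIG = IntegrationConfig(
    all_clients_groups=frozenset({"gilliegroup_all"}),
    role_groups={"Nurses": "staff"},
    known_roles=frozenset({"self", "staff", "admin", "customrole"}),
)
SAMPLE_AD_GROUPS = [
    "gillierole_staff", "gillierole_customrole", "gillierole_Staff",
    "gillieteam_kaunisjarvi", "gillieteam_kaunisjärvi",
    "gilliegroup_all", "Nurses", "Sales",
]

if __name__ == "__main__":
    print(config_errors(SAMPLE_CONFIG))
    print(resolve_access(SAMPLE_AD_GROUPS, SAMPLE_CONFIG, existing_teams={"turku"}))
```

Because group membership is re-read from AD on every login when automatic user creation is on, the same function run at the next login drops a role or team as soon as the user is removed from the AD group.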