How to manage users with Azure AD
This article will guide you through the setup of the Azure Active Directory integration for user management, along with role provisioning. The setup of Azure AD Sync will be performed in the AskCody Azure AD Portal, and consists of 4 steps:
Step 1. Add Azure AD Global Administrator account as a user in AskCody. Make sure that this user has either the "Owner", or the "Connect Administrator" roles in the AskCody Management Portal.
Step 2. Establish a connection and grant consent to Azure AD.
Step 3. Configure the Azure AD sync.
Step 4. Start sync.
During the process of setting up an Azure AD sync, there will be some very important things to consider; these will be highlighted in a red callout like the one below.
Requirements *Please read*
- Global Administrator access to Azure AD
Some of the steps in the process of setting up the Azure AD sync requires Azure AD Global Administrator access. This requires that you either have the role yourself or have access to the Global Administrator account credentials. The Global Administrator also needs to be a user with an email address in your Azure AD (Used in Step 1). Read more here.
- Users setting up the sync need to exist in the organization's Azure AD
Some organizations hire third-party consultants or external service providers to set up the Azure AD Sync after the Global Administrator has granted initial consent. In these cases, in order to have access to the Azure AD Sync configuration, the user setting up the Azure AD Sync must exist in the organization's Active Directory.
- Only security-enabled groups in Azure AD can be synced
Make sure that the AD groups you want to sync are security-enabled, otherwise, the groups will not be synced.
- AD groups suitable for sync
We recommend that the AD groups you plan to sync fits with the AskCody user role hierarchy. Examples of suitable groups: All users, AskCody Owners, Facility Management, Reception, IT, etc.
How to set up and configure Azure AD sync
An Azure AD Global Admin access is required in some of the steps in this section. These steps will be highlighted in a red box.
Step 1. Add Azure AD Global Administrator as a user in AskCody
- Log in to the AskCody Management Portal.
- Go to the AskCody Admin Center.
- Open the dropdown menu Users and choose Users.
- Click on the button Add, to add a new user.
- Type in a Name and the E-mail of the Global Administrator account.
- Grant this user the role: Owner.
- Click Add.
Step 2. Establish a connection and grant consent to Azure AD
- Log in to AskCody Management Portal with the new AskCody Global Administrator user you created in Step 1.
- Go to the AskCody Admin Center.
- Open Connect and choose Azure AD Sync.
- Click the button Grant access to Azure AD Synchronization.
- You will be redirected to the Microsoft Sign in page.
The steps in the next two bullet points require a Global Administrator in your organization's Exchange environment.
- Sign in with Global Administrator Microsoft account (not the AskCody Global Admin user)
- Click Accept and grant consent to the permissions requested in the Microsoft box.
*We sometimes experience that you need to accept the permissions two times, and not always right after each other.
- After the consent is given you will be redirected back to the AskCody Azure AD Portal.
Please note, that no sync is running or configured yet.
Step 3. Configure the Azure AD Sync
- Log in to AskCody Management Portal
- Go to the AskCody Admin Center
- Open Connect and choose Azure Active Directory Sync.
- Click on Go to sync.
- You will be redirected to the AskCody Azure AD Portal.
- Click the button Start, and start creating the first sync group.
- Write the name of the user group from the Azure AD you wish to sync in as your Root group.
*In the search box, please write the full name of the user group. The sync will not get the correct search result just by searching for a part of the group name.
InfoRoot group: is your main group from which you will create additional groups. The root group needs to be set up by a user with Global Administrator access in your organization's Active Directory.
Tip: We recommend you start with a Root group with all your AskCody users.
- Choose a default country.
The country selected is just a technical requirement for the sync to properly and will not have an effect on your AskCody settings.
- Click Save when done. Then click on Save changes on the top right corner.
InfoFrom now on, the Global Administrator is no longer needed to set up the Azure AD Sync. However, in order to change any settings in the Azure AD Sync's configuration from now on, the user making those changes needs to exist in your organization's Active Directory (information mostly relevant for organizations that hire third parties to perform changes in the configuration of the Azure AD Sync).
- Click on Add group on the Root group you just created in the AskCody Azure AD Portal, to add an additional group.
InfoRemember to add a System Owner group including you as a user, to not exclude yourself from the sync. Otherwise, this will deny you access to the system afterwards.
- Configure the group as needed with the possibilities below:
Roles (all users)
Assign the users of this group with AskCody roles. With roles, it is possible to decide which areas the users should have access to in the AskCody Management Portal and Outlook Add-ins.
Cost Center Group Memberships (Meeting+ users)
If Cost Center Groups are created for Meeting+ in the AskCody Management Portal, it is possible to assign users to the Cost center groups here.
Delivery Provider Memberships (Meeting+ users)
It is not enough to only assign the roles Meeting+ Administrator, Provider or Accountant to the users of the Meeting+ Management tool, they also need to be members of the provider they will be working in.
Reception Memberships (Welcome+ users)
It is not enough to only assign the roles Welcome+ Administrator or Receptionist to the users of the Receptionist tool, they also need to be members of the reception they will be working in.
Reception Assignments (Welcome+ users)
In Welcome+ we navigate with the concept of "Hosts". When a user uses the Receptionist tool, the Add-in, or when a visitor uses the Check-in screen, it is possible to choose a Host (the host of the meeting). This means that it is important that you assign all users that have the possibility of hosting a meeting with this configuration.
- Add more additional groups if needed.
- Click Save Changes in the upper right corner of the AskCody Azure AD Portal.
Please note, that the sync is not running yet.
Step 4. Start sync
- Click on Initialize Sync.
- Read the text and click START.
The infobox now changes to "Azure AD sync is initializing".
InfoThe sync is not running yet, but only preparing to run. Wait until the Azure AD is ready to sync. Depending on how many users and groups need to be synced, this could take a while.
- Click Start Sync when the sync is finished initializing, the button in the upper right corner will change to Start Sync.
Depending on how many users and groups need to be synced, this could take a while.
After performing these steps your sync will be running periodically, syncing users, memberships, and hosts according to your preferences. If you need to make any changes to the sync please pause it, perform the changes, and resume it.
If you, during the process of setting up synchronization between AskCody and your Azure Active Directory, are experiencing problems we ask you to check out our Azure AD troubleshooting article here.