
Azure AD - Group rights

Manage group rights in Addo Sign by mapping Azure AD groups to roles like group admin and group viewer for controlled access.

Updated this week

Introduction to Group Rights

When using Azure AD integration in Addo Sign, you can extend your existing groups with additional permissions to control access at a more granular level.

In addition to the standard roles:

  • Administrator

  • Standard user

You can also assign:

  • Group administrator

  • Group viewer

These roles allow users to manage or view specific groups within Addo Sign without giving them full access to the entire system.

Group rights are managed by linking Azure AD groups to roles within specific Addo Sign groups.

You can organize your setup based on your business needs, for example:

  • HR

  • Sales

  • Administration

For each area, you can define who should:

  • Manage the group (Group administrator)

  • View the group (Group viewer)

Azure AD groups are used to represent these roles and are then mapped in Addo Sign.

You can reuse the same Azure AD group across multiple mappings if needed, allowing for a flexible and simplified setup.

For example, you can create a single Azure AD group to control all Group administrators across multiple Addo Sign groups.


Example:

Using the same groups:

  • HR

  • Sales

  • Administration

You can create an Azure AD group called:

  • Addo Group administrators

Add the relevant users to this group.

In Addo Sign, you then map this Azure AD group to the Group administrator role for each of the groups (HR, Sales, Administration).

This means:

  • Users in the Addo Group administrators group will be assigned Group administrator rights

  • The rights are applied to each Addo Sign group where the mapping is configured

⚠️ The Group admin and Group viewer groups only need to exist in Azure AD.

They must not be assigned to the Addo Sign application, as they are only used for group mapping inside Addo Sign.

Create rights groups in Azure AD

This step involves creating the Azure AD groups that will be used to assign Group administrator and Group viewer roles in Addo Sign.

Depending on your existing setup, this can vary in complexity.

Instead of creating separate role groups for each department, you can define groups based on roles, for example:

  • Addo Group administrators

  • Addo Group viewer

Add the relevant users to these groups based on the level of access they should have.

You will need the Object ID of each Azure AD group when configuring the mapping in Addo Sign.


Let's assign a group to Addo Sign:

Map Azure AD groups to roles in Addo Sign

Once your Azure AD groups are ready and your main groups (e.g. HR, Sales, Administration) are imported into Addo Sign via Add Azure Groups, you can configure group mapping.

Find group mapping

  1. Go to Settings

  2. Select Entra ID configuration

  3. Click Add mapping

Configure a mapping

When creating a mapping, you must define:

  • Group

    → The Addo Sign group where the role should apply (e.g. HR, Sales, Administration)

  • Role

    → The role to assign (Group administrator or Group viewer)

  • Azure Group ID

    → The Object ID of the Azure AD group

Repeat this process for each group where the role should apply.

For example, the same Azure AD group can be mapped as:

  • Group administrator in HR

  • Group administrator in Sales

  • Group administrator in Administration
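To review a set of planned mappings before entering them, the following added example (not Addo Sign code; the Object IDs, user names and function names are constructed for illustration) checks each Group / Role / Azure Group ID row and lists which Addo Sign groups each user would administer. It assumes rights follow Azure AD group membership as described above.

```python
import uuid
from collections import defaultdict

ROLES = {"Group administrator", "Group viewer"}

# Constructed sample data: Object IDs and user names are placeholders.
ADMINS_ID = "11111111-1111-1111-1111-111111111111"
VIEWERS_ID = "22222222-2222-2222-2222-222222222222"

MAPPINGS = [  # (Addo Sign group, role, Azure Group ID)
    ("HR", "Group administrator", ADMINS_ID),
    ("Sales", "Group administrator", ADMINS_ID),
    ("Administration", "Group administrator", ADMINS_ID),
    ("HR", "Group viewer", VIEWERS_ID),
]
MEMBERS = {  # Azure AD group Object ID -> members (constructed)
    ADMINS_ID: {"alice", "bob"},
    VIEWERS_ID: {"bob", "carol"},
}

def validate(mappings):
    """Return a list of problems found in the planned mapping rows."""
    problems, seen = [], set()
    for row in mappings:
        group, role, object_id = row
        if role not in ROLES:
            problems.append(f"{group}: unknown role {role!r}")
        try:
            uuid.UUID(object_id)  # a display name pasted here fails
        except ValueError:
            problems.append(f"{group}: {object_id!r} is not an Object ID (GUID)")
        if row in seen:
            problems.append(f"{group}: duplicate mapping for {role}")
        seen.add(row)
    return problems

def effective_rights(mappings, members):
    """user -> {Addo Sign group: set of roles} implied by the mappings."""
    rights = defaultdict(lambda: defaultdict(set))
    for group, role, object_id in mappings:
        for user in members.get(object_id, ()):
            rights[user][group].add(role)
    return {u: dict(g) for u, g in rights.items()}

def admin_scope(rights):
    """user -> sorted Addo Sign groups where the user is Group administrator."""
    return {u: sorted(g for g, r in groups.items() if "Group administrator" in r)
            for u, groups in rights.items()}
```

With the sample data, every member of the shared administrators group ends up as Group administrator in all three Addo Sign groups, which is the effect to confirm before reusing one Azure AD group across mappings.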

Let's add a group mapping:
