⚠️ Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID.
You may therefore see both Azure AD and Entra ID mentioned in Addo Sign, Microsoft interfaces, or older documentation. Both names refer to the same Microsoft identity and access management solution.
Introduction to Group Rights
When using Entra ID integration in Addo Sign, you can extend your existing groups with additional permissions to control access at a more granular level.
In addition to the standard roles:
Administrator
Standard user
You can also assign:
Group administrator
Group viewer
Member
These roles allow users to manage or view specific groups within Addo Sign without giving them full access to the entire system.
Group rights are managed by linking Entra ID groups to roles within specific Addo Sign groups.
You can organize your setup based on your business needs, for example:
HR
Sales
Administration
For each area, you can define who should:
Manage the group (Group administrator)
View the group (Group viewer)
Entra ID groups are used to represent these roles and are then mapped in Addo Sign.
You can reuse the same Entra ID group across multiple mappings if needed, allowing for a flexible and simplified setup.
For example, you can create a single Entra ID group to control all Group administrators across multiple Addo Sign groups.
Example:
Using the same groups:
HR
Sales
Administration
You can create an Entra ID group called:
Addo Group administrators
Add the relevant users to this group.
In Addo Sign, you then map this Entra ID group to the Group administrator role for each of the groups (HR, Sales, Administration).
This means:
Users in the Addo Group administrators group will be assigned Group administrator rights
The rights are applied to each Addo Sign group where the mapping is configured
⚠️The Group admin and Group viewer groups only need to exist in Entra ID.
They must not be assigned to the Addo Sign application, as they are only used for group mapping inside Addo Sign.
Create rights groups in Entra ID
This step involves creating the Entra ID groups that will be used to assign Group administrator and Group viewer roles in Addo Sign.
Depending on your existing setup, this can vary in complexity.
Instead of creating separate role groups for each department, you can define groups based on roles, for example:
Addo Group administrators
Addo Group viewer
Add the relevant users to these groups based on the level of access they should have.
You will need the Object ID of each Entra ID group when configuring the mapping in Addo Sign.
Let's assign a group to Addo Sign:
Map Entra ID groups to roles in Addo Sign
Once your Entra ID groups are ready and your main groups (e.g. HR, Sales, Administration) are imported into Addo Sign via Add Entra Groups, you can configure group mapping.
Find group mapping
Go to Settings (⚙️)
Select Entra ID configuration
Click Add mapping
Configure a mapping
When creating a mapping, you must define:
Group
→ The Addo Sign group where the role should apply (e.g. HR, Sales, Administration)
Role
→ The role to assign (Group administrator or Group viewer)
Entra ID
→ The Object ID of the Entra ID group
Repeat this process for each group where the role should apply.
For example, the same Entra ID group can be mapped as:
Group administrator in HR
Group administrator in Sales
Group administrator in Administration
Let's add a groupmapping:
