If you have created an Azure AD integration with your Addo Sign account, you can manage the rights between users from within Azure based on the following hierarchy.
Introduction to group rights
Create the rights groups in Azure AD
Map the Azure AD rights groups to groups in Addo Sign
Introduction to group rights
When you have already created groups in Azure AD, you can also create rights groups, which can control how rights, in addition to "administrator" and "standard" rights, are managed.
These rights are respectively "group administrator" and "group viewer", which will be linked to a group in Addo Sign.
The rights groups are therefore something that must be created as an extension of an existing group, where an example of this could be that HR, sales and administration each have their own group, since none of these have a need to see what other people in one of the other groups do.
When the HR, sales and administration groups have been created in Azure and imported into Addo Sign, rights groups must also be created for each of the areas.
Therefore, in the above scenario, the following groups must be created:
- HR
- HR - Group admin
- HR - Group viewer
- Sales
- Sales - Group admin
- Sales - Group Viewer
- Administration
- Administration - Group admin
- Administration - Group viewer
Where the groups marked in bold will be imported into Addo Sign but where the other 2 groups for each area will appear in Azure AD but will be mapped in Addo Sign's "group mapping" feature.
The structure will look like this:
Create the rights groups in Azure
This step in the guide seems to be a very small step, however it can take a lot of time depending on your existing user/group management and allocation of rights in the Azure AD environment.
Under each group, a corresponding group must be created but with an explanation of the rights that must be assigned in Addo Sign, please see the image below:
All groups with the words "group admin" and "group viewer" will therefore have to be used to allocate rights in Addo Sign.
In the next step we will need to use the "Object ID" for these groups.
Map the Azure AD rights groups to groups in Addo Sign
When the groups are created in Azure AD and the main groups are imported in Addo Sign under "Add Azure Groups":
Is it now possible to create "Group mapping" of the group rights.
Groupmapping can be found inside your Addo Sign account under settings:
- Tap settings
- Select Azure AD configuration
- Press "Add mapping"
When you have selected "Add mapping", some fields appear that you must decide on. The fields are the following:
- Group - This is the group where you would like to be able to determine user rights in. This could be HR, Sales or Administration
- Role - Here you decide which role your Azure group assigns in Addo Sign, which is why it is good if you call them the same in Azure AD as in Addo Sign.
- Azure Group ID - Here you insert the Object ID that stands for the group in Azure AD
For example, if I want to give people in my administration account group admin rights, I do the following:
- Select and copy "Object id" from the Azure AD group.
After copying this, and knowing that this allocates group admin rights, I go into Addo Sign and add this under group mapping:
- Select the group for which you want to determine the group rights
- Select which group rights the Azure AD group gives access to
- Insert the Object id from the group from Azure AD
- Press "save"
This is then done for the remaining groups where the group rights must be determined: