Azure Active Directory
Azure Active Directory is a service for managing access to the system through a shared Active Directory service.
Integration concept
The Azure Active Directory integration is a service on the UseDesk side that checks users against their Active Directory groups in Azure. All users and their groups are stored in your account at https://portal.azure.com/.
When a user attempts to log in with a corporate account, the service checks the user's login and password in Azure and assigns the employee's rights in the system. Active Directory groups determine access to the system. If an employee is not in any of the Active Directory groups, the employee will have no access to the system.
Customizing integration
To connect Azure Active Directory to Usedesk, open the "Extensions" section and check that the integration is enabled ("ON" for "Azure Active Directory").
1. Go to "Settings" - "Azure Active Directory". The "Azure Active Directory" setting is available to employees with "Admins" rights.
1.1. Fill in the connection fields:
- App Client
- Tenant
- Client Secret
* After switching to "Enterprise application," select the required application and enter its data in the connection fields.
1.2. Press the "Connect" button.
2. After successful authentication, select the groups from https://portal.azure.com that contain your employees in the corresponding fields:
- Admins - select from the list the group whose employees will receive "Admins" rights;
- Agents - select from the list the group whose employees will receive the "Support" permissions;
- Number of employee agents - select from the list the group whose employees will receive the "Employee" permissions.
Take the data from your account at https://portal.azure.com
Example of filling:
2.1. Press the "Import from AD" button. The "Import from AD" button is available only the first time you add employees. For the second and subsequent imports (addition/deletion), use the "Update" button (item 4).
3. During import, Usedesk receives the list of employees and checks by email whether each employee already exists in the system:
a) If the employee does not exist in Usedesk, the system checks the number of available licenses and creates the employee with data from Active Directory:
- Name;
- E-mail;
- Phone;
- Position;
- Role - according to the group that the employee belongs to and was added to the setting at import (item 2);
- Other data for identification when logging into the system
b) If the employee already exists in UseDesk, the above data is updated in the system.
Note! If there are no available licenses, the import of employees stops and a message is displayed in the window. Licenses are not checked for employees with the "Employee" permissions.
4. If this is not the first time you are importing employees, click "Update" in "Settings" - "Azure Active Directory". The system will check, by ID, all employees in the groups specified in the current settings against the Active Directory groups:
- If the employee's current permissions in Usedesk do not match those given to his group in Active Directory, the permissions are updated together with the employee's data (item 3a);
- If the employee's current permissions in Usedesk are the same as those given to his group in Active Directory, the system does nothing;
- If the employee's group is not specified in the settings, the employee is deleted from the system. The employee is no longer allowed into the system, and if he was logged in, he is deactivated;
- An agent who was created in Usedesk and is a member of a Default group that Azure monitors, but who is not registered in Azure, will be identified as superfluous and deleted during the check. To avoid this, add the agent to the appropriate Azure group, or change his Default group to one that Azure does not monitor.
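Added example (not UseDesk code): a dry-run model of the "Update" check in item 4, used to list which accounts would be deleted before the button is pressed. Input shapes, field names, group names and the way monitored Default groups are represented are assumptions; an employee found in several configured groups is flagged for review because this page does not say which role applies.

```python
# Dry-run model of the "Update" check in item 4. Added example, not UseDesk code;
# every field name and input shape here is an assumption.
def plan_update(group_roles, ad_members, local_users, monitored_defaults):
    """Return {email: action}: keep, update, delete or review.
    group_roles        {AD group name: UseDesk role} as selected in the settings
    ad_members         {AD ID: [names of the groups the employee is in]}
    local_users        dicts with email, ad_id (None if created in UseDesk),
                       role and default_group
    monitored_defaults default groups assumed to be covered by the check
    """
    plan = {}
    for user in local_users:
        if user["ad_id"] is None:
            # Agent created locally and never registered in Azure.
            hit = user["default_group"] in monitored_defaults
            plan[user["email"]] = "delete" if hit else "keep"
            continue
        groups = ad_members.get(user["ad_id"], [])
        roles = {group_roles[g] for g in groups if g in group_roles}
        if not roles:
            plan[user["email"]] = "delete"   # no configured group: access removed
        elif len(roles) > 1:
            plan[user["email"]] = "review"   # page does not say which role wins
        elif user["role"] in roles:
            plan[user["email"]] = "keep"     # permissions already match
        else:
            plan[user["email"]] = "update"   # permissions differ from the group
    return plan

def pending_deletions(plan):
    """Accounts that would lose access; check these before pressing Update."""
    return sorted(email for email, action in plan.items() if action == "delete")

# Constructed sample data (not real accounts or group names).
GROUP_ROLES = {"ud-admins": "Admins", "ud-agents": "Support", "ud-staff": "Employee"}
AD_MEMBERS = {"id-1": ["ud-admins"], "id-2": ["ud-agents"], "id-3": ["hr-only"],
              "id-4": ["ud-admins", "ud-staff"]}
LOCAL_USERS = [
    {"email": "ann@example.com", "ad_id": "id-1", "role": "Admins", "default_group": "L1"},
    {"email": "bob@example.com", "ad_id": "id-2", "role": "Employee", "default_group": "L1"},
    {"email": "cat@example.com", "ad_id": "id-3", "role": "Support", "default_group": "L1"},
    {"email": "dan@example.com", "ad_id": "id-4", "role": "Admins", "default_group": "L1"},
    {"email": "eve@example.com", "ad_id": None, "role": "Support", "default_group": "L1"},
    {"email": "fay@example.com", "ad_id": None, "role": "Support", "default_group": "Night"},
]

if __name__ == "__main__":
    plan = plan_update(GROUP_ROLES, AD_MEMBERS, LOCAL_USERS, {"L1"})
    print(plan, pending_deletions(plan))
```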
Authentication in the Usedesk via Active Directory
1. On the login page, press the button to log in with AD.
2. Enter your e-mail.
3. In Active Directory, log in through your account at https://portal.azure.com/.
If you do not have access, authentication in the Usedesk will not be successful.
In the profile of the current employee or any other user that has ID data from Active Directory, the following fields are not available for editing:
- E-mail;
- Password;
- Name;
- Position;
- Phone
In the edit card of the current employee or any other user that has ID data from Active Directory, the following fields are not available for editing:
- E-mail;
- Password;
- Name;
- Position;
- Phone;
- Role