This is an account owner task.
Use the Azure AD connector to assign OpenForms roles to Azure AD user groups.
Once a role is assigned to a user group, any staff members added to that group will become OpenForms users (if they aren’t already) and be assigned those roles. They’ll be able to log in with their Microsoft SSO credentials for your organization and work in OpenForms just like any other user.
You can only assign roles to Azure AD user groups that have been provisioned to OpenForms by your Azure AD administrator.
Users assigned roles through the Azure AD connector can only be managed through the connector or Azure AD; you can’t edit their roles in the OpenForms Admin > Users interface.
If a staff member is assigned a role through the Azure AD connector and they already have an OpenForms account managed in the admin interface or OpenCities, they will be permanently converted to a user managed in Azure AD.
They will retain any current workspace, review, and notification assignments so long as they have an appropriate role.
Assign Roles
- Go to Integrations > Connectors > Azure AD.
- Select the Azure AD user group you’d like to assign OpenForms roles to.
  If you have a lot of Azure AD user groups to choose from, you can Search for a mapping, or filter your groups by status (assigned or unassigned) or by roles.
- Select the roles you want to assign to that group in the Assign roles tab. You can switch to the User list tab to see which users are included in the group.
- Repeat the process for any other groups you’d like to assign roles to.
  Your changes won’t take effect until you Review and commit them.
- Select Review and commit.
  This will open a Review and commit assignments dialog, detailing how your changes will affect your organization’s user count.
  To prevent disruption to your account, you won’t be able to commit role assignments that exceed your organization’s OpenForms user limit.
  Because the number of staff members in an Azure AD user group is managed outside of OpenForms, it is possible to exceed your organization's user quota as staff are added to Azure AD user groups that have already been assigned OpenForms roles.
  If this happens, all of your organization's users will have their editing and publishing actions disabled until your organization is back within its user limit.
- Once you’ve reviewed the effect of your assignments, select Commit changes.
  This process may take a few seconds depending on the number of roles or users affected.
  Any staff members in the user groups you've assigned that were previously managed in the OpenForms admin area will be converted to externally managed users. For more information, see Manage users.
To further streamline your staff management process, consider assigning your AD user groups to workspaces. This will automatically assign roles and workspaces to any staff members added to those groups, so they can start working faster.
You can also assign groups with the Workflow reviewer role to process workflow steps as you create a workflow.
Edit or Remove Roles
Making changes to previously assigned roles is exactly the same process as assigning roles to a user group. Simply go to Integrations > Connectors > Azure AD and follow the steps above.
If a group is assigned as a Workflow reviewer in any forms, you can use the Usage tab to see a searchable list. If you are removing the Workflow reviewer role from the group, you may need to assign a new reviewer to the workflow.
You cannot edit individual users’ roles through the Azure AD connector. To make changes to individual staff members’ roles, move them between user groups in Azure AD.
Any users that are left without an OpenForms role after you’ve removed roles from their user group will be deactivated in OpenForms.