This is an Account owner task.
Once you and your Azure AD administrator have connected to Azure AD and provisioned user groups, you can start assigning OpenForms roles to Azure AD user groups.
When a group has been assigned a role, users from that group will become OpenForms users with that role. Users can log into OpenForms with their Microsoft SSO credentials for your organization and start working.
Before assigning roles, please note the following:
- Users managed through Azure AD take precedence over locally managed users or users managed through OpenCities, and you can only edit their role or details through Azure AD.
- Any existing local accounts, or OpenCities users, that match a user in an Azure AD user group will be converted to an Azure AD managed account, while maintaining matching workspaces, reviews, and notification assignments.
- If the number of staff members in an Azure AD user group exceeds your organization’s user quota in OpenForms, then all users will have editing and publishing action revoked until you are back under the user quota. Among other actions, Admins can still deactivate local users, and Account owners can still unassign Azure AD user groups.
- We recommend keeping at least one local Account owner user that can make time-sensitive actions if there is an outage with Azure AD.
Assign Roles to User Groups
- Go to Integrations > Connectors > Azure AD and select Edit Azure AD configuration.
- Select a group from the list. You can Search for a mapping, filter your groups by Assigned groups or Unassigned groups, or filter by role. Selecting the Azure AD group column will reorder your groups reverse alphabetically, and selecting the Users column will reorder by the number of users per group.
- In the AD group details panel, use the Assign roles tab to check each role you want to assign to that group. You can switch to the User list tab to see all users that are included in that group.
- Select a different group to continue assigning roles, until you have covered all necessary groups. Changes won’t take effect until you Review and commit them.
- When you’re ready, select Review and commit to open a dialog box that will show you how your changes will affect your organization’s user count.
- Select Commit assignments to finalize and apply your groups or Go back to make more changes. If your assignments exceed your user limit, you will be unable to commit them to prevent disruption to your OpenForms account.
Changes to your user group roles may take a few seconds depending on the amount of roles or users affected.
Your Azure AD users can now log in and start working in OpenForms. You may also want to assign Azure AD groups to workspaces, so that users can access the forms they need to with their correct role.
You can assign groups with the Workflow reviewer role to workflow steps, so they can process responses.
Edit or Remove Roles from User Groups
You can edit or remove roles from a user group, but not an individual user within a group. To change the role of only one user, you must move them into a different Azure AD user group. Any users that are left without an OpenForms role after you’ve removed roles from their user group will be deactivated in OpenForms.
To edit or remove roles from a user group:
- Go to Integrations > Connectors > Azure AD and select Edit Azure AD configuration.
- Find and select the correct user group.
- Uncheck roles or check different roles in the AD group details panel.
- Select Review and commit > Commit assignments.
If a user group has the Workflow reviewer role and is assigned to any existing workflow steps, you can go to the Usage tab to see a searchable list of applicable forms. You may need to reassign a reviewer for that workflow if you are removing that role from the group.
What Else?