Add Users


Role Required
To assign roles to your users, you need to be an Azure AD Global Administrator. All users, including the Azure AD Global Administrator, need a role assigned to them in order to log in to Records365.

Introduction

In order to log in and interact with Records365, users need to be assigned the designated Records365 roles in Azure Active Directory. Records365 doesn’t store users or passwords but instead leverages your corporate Azure Active Directory (Azure AD) as the identity provider. This allows the centralized management of all your users and applications directly in your Azure AD.

Records365 uses two authentication protocols, each for a different scenario:

  • User Identity: Based on the OpenID Connect protocol, it’s used by the Records365 Portal to authenticate users.
  • Application Identity: Based on the OAuth 2.0 protocol with JWT access tokens, it’s used by the Records365 Connector Framework to authenticate applications invoking the Records365 Connectors API.

Assigning Roles

Once the provisioning of your tenant is complete, you are ready to get started with Records365. The first step is to give your users access by assigning them specific roles in Records365. To do this, follow the steps below:

  1. Log into Azure Active Directory at https://portal.azure.com with your credentials.
  2. Go to More Services and click on Enterprise Applications.
  3. Select All applications and find Records365.
  4. Click on Properties and ensure that the User assignment required? property is set to No.

Record submissions from any connector, including physical records, are handled using application authentication. For physical records, the application requesting permissions is the Records365 app itself.

To ensure these submissions come from a trusted source, we validate the ClientID against a trusted list of known applications. For this process to function seamlessly, "User Assignment Required" must be set to false. This setting allows the application to authenticate and submit records without requiring manual assignment for every client or connector.

For user authentication, we enforce access control by requiring users to have an assigned role to interact with the application. Even though "User Assignment Required" is set to false on the enterprise application, users must still be explicitly assigned roles to access the application. This ensures secure access while maintaining flexibility for application submissions.

Even with this configuration, users will need a role assigned to them in order to log in to Records365.

  5. Now you need to select the users that you want to assign the roles to. Select Users and Groups, then Add user.
  6. Click on Users and select the users that you want to assign roles to. Click Select.
  7. Now you can assign a role to the selected users. Click on Select Role. Choose from the following roles: Application Administrator, Records Manager or Records Visitor, and click Select.

Please note that the Disposal Approver role currently available in AAD is going to be deprecated, so please only use one of the 3 roles mentioned above. For more information about how to give users permissions to approve disposals, see the Disposal Approval page.

  8. Select Assign.
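
To confirm the result of the steps above, the following added example (not part of the Records365 documentation or product) audits exported Microsoft Graph data for the enterprise application. It assumes JSON shaped like Graph's servicePrincipal object and its appRoleAssignedTo list, and that the app role display names match the role names on this page; all GUIDs and principal names in the sample are constructed.

```python
# Added example: audit the Records365 enterprise app after assigning roles.
# Input shape follows Microsoft Graph (servicePrincipal, appRoleAssignedTo).
# All GUIDs and principal names below are constructed sample data.

# Assumption: app role display names equal the role names given on the page.
SUPPORTED = {"Application Administrator", "Records Manager", "Records Visitor"}
DEPRECATED = {"Disposal Approver"}  # being deprecated per the page


def audit(sp, assignments):
    """Return sorted (subject, finding) tuples; an empty list means no issues."""
    findings = []
    # Portal "User assignment required?" maps to appRoleAssignmentRequired.
    if sp.get("appRoleAssignmentRequired"):
        findings.append(("Records365", "user assignment required is Yes, expected No"))
    role_by_id = {r["id"]: r["displayName"] for r in sp.get("appRoles", [])}
    for a in assignments:
        role = role_by_id.get(a["appRoleId"])  # None for default access or unknown id
        who = a["principalDisplayName"]
        if role in DEPRECATED:
            findings.append((who, "deprecated role: " + role))
        elif role not in SUPPORTED:
            findings.append((who, "no supported Records365 role assigned"))
    return sorted(findings)


SAMPLE_SP = {
    "displayName": "Records365",
    "appRoleAssignmentRequired": False,
    "appRoles": [
        {"id": "11111111-0000-0000-0000-000000000001", "displayName": "Application Administrator"},
        {"id": "11111111-0000-0000-0000-000000000002", "displayName": "Records Manager"},
        {"id": "11111111-0000-0000-0000-000000000003", "displayName": "Records Visitor"},
        {"id": "11111111-0000-0000-0000-000000000004", "displayName": "Disposal Approver"},
    ],
}
SAMPLE_ASSIGNMENTS = [
    {"principalDisplayName": "Alice", "principalType": "User", "appRoleId": "11111111-0000-0000-0000-000000000002"},
    {"principalDisplayName": "Bob", "principalType": "User", "appRoleId": "11111111-0000-0000-0000-000000000004"},
    {"principalDisplayName": "Carol", "principalType": "User", "appRoleId": "00000000-0000-0000-0000-000000000000"},
]

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_SP, SAMPLE_ASSIGNMENTS):
        print(subject + ": " + finding)
```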
