Role Required
To assign roles to your users, you need to be an Azure AD Global Administrator. All users, including the Azure AD Global Administrator, need a Role assigned to them in order to log in to Records365.
Introduction
In order to log in and interact with Records365, users need to be assigned the designated Records365 roles in Azure Active Directory. Records365 doesn’t store users or passwords but instead leverages your corporate Azure Active Directory (Azure AD) as the identity provider. This allows the centralized management of all your users and applications directly in your Azure AD.
Records365 uses two authentication protocols, each for a different scenario:
- User Identity: Based on the OpenID Connect protocol, it’s used by the Records365 Portal to authenticate users.
- Application Identity: Based on the OAuth 2.0 protocol with JWT access tokens, it’s used by the Records365 Connector Framework to authenticate applications invoking the Records365 Connectors API.
Assigning Roles
Once the provisioning of your tenant is complete, you are ready to get started with Records365. The first step is to give access to your users by assigning specific roles to them in Records365. To do this, follow the steps below:
- Log in to Azure Active Directory at https://portal.azure.com with your credentials
- Go to More Services and click on Enterprise Applications
- Select All applications and find Records365
- Click on Properties and ensure that the User assignment required? property is set to No.
This configuration is required for the Records365 Connector Framework to authenticate with the Records365 Connectors API, which is necessary for any Connector to perform Records Management operations.
Even with this configuration, Users will need a Role assigned to them in order to log in to Records365.
- Now you need to select the users that you want to assign the roles to. Select Users and Groups, then Add user.
- Click on Users and select the users that you want to assign roles to. Click Select.
- Now you can assign a role to the selected users. Click on Select Role. Choose from the following roles: Application Administrator, Records Manager or Records Visitor and click Select.
Please note that the Disposal Approver role currently available in AAD is going to be deprecated, so please use only one of the 3 roles mentioned above. For more information about how to give users permissions to approve disposals, see the Disposal Approval page.
- Select Assign.
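The following added example (not part of the Records365 documentation) audits the result of the steps above: it checks that User assignment required? is No and flags assignments that use the deprecated Disposal Approver role or carry no role at all. It assumes the application and its assignments were exported as JSON from Microsoft Graph (the servicePrincipal object and its appRoleAssignedTo list); all GUIDs and user names are constructed sample data.

```python
# Added example: offline audit of a Records365 enterprise application export.
# Property names follow Microsoft Graph (servicePrincipal, appRoleAssignment);
# every GUID and user name below is constructed sample data.
SUPPORTED = {"Application Administrator", "Records Manager", "Records Visitor"}
DEPRECATED = {"Disposal Approver"}
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"  # assigned with no role

SERVICE_PRINCIPAL = {
    "displayName": "Records365",
    "appRoleAssignmentRequired": False,  # portal: "User assignment required?" = No
    "appRoles": [
        {"id": "11111111-1111-1111-1111-111111111111", "displayName": "Application Administrator"},
        {"id": "22222222-2222-2222-2222-222222222222", "displayName": "Records Manager"},
        {"id": "33333333-3333-3333-3333-333333333333", "displayName": "Records Visitor"},
        {"id": "44444444-4444-4444-4444-444444444444", "displayName": "Disposal Approver"},
    ],
}
ASSIGNMENTS = [
    {"principalDisplayName": "Alice Example", "appRoleId": "11111111-1111-1111-1111-111111111111"},
    {"principalDisplayName": "Bob Example", "appRoleId": "44444444-4444-4444-4444-444444444444"},
    {"principalDisplayName": "Carol Example", "appRoleId": DEFAULT_ACCESS},
    {"principalDisplayName": "Dan Example", "appRoleId": "33333333-3333-3333-3333-333333333333"},
]

def audit(sp, assignments):
    """Return (subject, issue) pairs for settings that differ from this page."""
    findings = []
    if sp.get("appRoleAssignmentRequired"):
        findings.append((sp["displayName"], "User assignment required is Yes; must be No"))
    role_names = {r["id"]: r["displayName"] for r in sp.get("appRoles", [])}
    for a in assignments:
        who, role_id = a["principalDisplayName"], a["appRoleId"]
        name = role_names.get(role_id)
        if role_id == DEFAULT_ACCESS:
            findings.append((who, "assigned without a role"))
        elif name is None:
            findings.append((who, "unknown role id"))
        elif name in DEPRECATED:
            findings.append((who, f"deprecated role: {name}"))
        elif name not in SUPPORTED:
            findings.append((who, f"unexpected role: {name}"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit(SERVICE_PRINCIPAL, ASSIGNMENTS):
        print(f"{subject}: {issue}")
```
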