Directory requirements
- Each 1E Platform user requires an account in Microsoft Entra ID. Microsoft Entra ID accounts must have their userPrincipalName (UPN) attribute populated. This is normally the case, but the attribute may be missing if user accounts have been created using scripts.
- 1E Platform users and approvers should have email addresses to support approval workflow and notifications. Email addresses are mandatory if Two-Factor Authentication (2FA) is enabled.
Microsoft Entra security groups
Microsoft Entra security groups are recommended for role-based access control (RBAC) but are not mandatory. Microsoft Entra ID groups can be assigned to 1E roles after installation; they are not required during installation. Groups are not mandatory because users can be assigned to roles and managed within 1E instead of Microsoft Entra ID. A Microsoft Entra ID group is useful for configuring access to the CatalogWeb Admin page, as described in Rebuilding the Catalog.
AD distribution groups are not supported.
If AD security groups are nested (groups within groups), they can slow down the performance of the 1E Portal for administrators. Therefore, we recommend that nesting is not used, and that each administrator and approver account is a member of a group used in 1E. You can improve performance further by disabling the recursive search used by 1E Platform, bearing in mind that nested groups will then not be supported.
Domain Local security groups are not supported.
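A preflight check for the requirements above, as an added example that is not 1E's own code. It assumes user and group records shaped like Microsoft Graph `/users` and `/groups` responses (groups with members expanded), and treats a group without `securityEnabled` as unsupported; the function names and all sample data are constructed for illustration.

```python
# Added example: audit directory objects against the requirements on this page.
# Assumption: records are dicts shaped like Microsoft Graph /users and /groups
# output (groups with "members" expanded). Function names are hypothetical.

def audit_users(users, two_factor_enabled=False):
    """Return (account, problem) tuples for missing UPN or email address."""
    findings = []
    for u in users:
        label = u.get("userPrincipalName") or u.get("id", "<unknown>")
        if not (u.get("userPrincipalName") or "").strip():
            findings.append((label, "missing userPrincipalName"))
        if not (u.get("mail") or "").strip():
            # Email is mandatory only when 2FA is enabled, otherwise recommended.
            level = "required for 2FA" if two_factor_enabled else "recommended"
            findings.append((label, f"missing mail ({level})"))
    return findings

def audit_groups(groups):
    """Return (group, problem) tuples for non-security or nested groups."""
    findings = []
    for g in groups:
        name = g.get("displayName") or g.get("id", "<unknown>")
        if not g.get("securityEnabled", False):
            findings.append((name, "not a security group"))
        nested = [m.get("displayName") or m.get("id", "<unknown>")
                  for m in g.get("members", [])
                  if m.get("@odata.type") == "#microsoft.graph.group"]
        if nested:  # nesting slows the portal and needs recursive search
            findings.append((name, "nested groups: " + ", ".join(nested)))
    return findings

# Constructed sample data, not taken from any real tenant.
SAMPLE_USERS = [
    {"id": "u1", "userPrincipalName": "alice@example.com", "mail": "alice@example.com"},
    {"id": "u2", "userPrincipalName": "", "mail": "bob@example.com"},
    {"id": "u3", "userPrincipalName": "carol@example.com", "mail": None},
]
SAMPLE_GROUPS = [
    {"displayName": "1E-Admins", "securityEnabled": True,
     "members": [{"@odata.type": "#microsoft.graph.user", "id": "u1"}]},
    {"displayName": "1E-Approvers", "securityEnabled": True,
     "members": [{"@odata.type": "#microsoft.graph.group", "displayName": "Helpdesk"}]},
    {"displayName": "IT-Newsletter", "securityEnabled": False, "mailEnabled": True,
     "members": []},
]

if __name__ == "__main__":
    for who, problem in audit_users(SAMPLE_USERS, True) + audit_groups(SAMPLE_GROUPS):
        print(f"{who}: {problem}")
```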