Configuring Access Rights tutorial

Multi-tenant SaaS platform Green checkmark | Single-tenant SaaS platform Green checkmark | On-premises platform Green checkmark

A quick tutorial on configuring access rights for 1E Platform. Using a scenario where access to the platform will be managed through Azure Active Directory groups, the tutorial illustrates the general setup required and the particular steps needed to add users.

We demonstrate a process for creating Active Directory (AD) managed permissions. We use specifically created AD groups for each of the 1E Platform system roles and create users for each one, we then define a custom role for a specific Instruction Set and create a user with an existing AD group that provides access to running actions in the Instruction Set.

Refer to Roles and Securables for a complete reference of available platform roles and securables.

Roles

In this tutorial we will create an example 1E Platform Azure Active Directory group user based on the possible roles given in the following system and custom roles.

On the Roles page, you can see at a glance which roles are system or custom roles, by using the icon in the Name column:

System roles are indicated by an icon with a padlock:

Custom roles are indicated by an icon with a cog wheel:

Creating users or groups

The general steps for creating a new user or group are as follows:

Adding users

  1. Click on Add, doing this displays the Add user popup.

  2. In the Select user or group field, type the name, or part of the name, for the user or group that you want to add, then click the search icon.

  3. Select the user or group from the list of matching names displayed in the drop-down list and click Add.

  4. After clicking Add, the Add user popup is displayed.

  5. In the Select user edit field we type FIN because it is the first few characters of our group in our environment.

  6. We then select the Finance_Group_Administrator group from the list. Once the group has been selected we click Add to create the new user.

  7. We then click the new Finance_Group_Administrator account's Assignments link to display the details for that group on the Assignments page.

From here we can add assignments to our group account and the Management Group they will apply to. In this case we choose the Group Administrator role for our Finance Management Group. We do not want our administrators for the Finance division to work on servers, or on devices belonging to other departments who have their own administrators, once we are satisfied with the changes, we click Save. Refer to the Roles for details about creating custom roles and a list of all built-in custom roles. After the new user or group has just been added, 1E Platform will display notifications for a short while showing the actions that have just been successfully performed.

In the tutorial we then repeat the process of finding groups, adding roles and saving for each of the system roles. The purpose of this is that subsequently, specific user access to the platform can be managed through your Identity Provider using membership of selected groups, and avoiding the necessity of managing the users through 1E Platform. The result of adding the groups can be seen in the picture.