AD Plus lets you control user rights in FirstAgenda through group-claims in your own ADFS server.
Group-claims are used to manage which organisations your users have access to when they log in to FirstAgenda with AD login. If you have multiple organisations but do not specify group-claims, your users will get access to all organisations when they log in with their AD login.
How to activate Group-Claim?
Each of your organisations can have a name attached. These names need to correspond to the group-claims set up in your ADFS. Please notify us of the exact group-claim name that each organisation will have. Next, we will configure your organisation(s) with the group-claim name in FirstAgenda.
How does Group-Claim work?
You place your users in the right group-claims in your AD. In this way, access to your organisation is determined through your AD.
The group-claim takes effect the moment the group-claim name is set up for the organisation in FirstAgenda. If the name is set up only in FirstAgenda and not in your ADFS, no one gets access to the organisation concerned.
Users who subsequently log in with AD login gain access to the organisations that either do not yet have a group-claim name in FirstAgenda or have a group-claim name that is sent from your ADFS. That is, if one of your organisations does not have a group-claim name at all, users will automatically get access to it.
Users who had already logged in to FirstAgenda with their AD login before the group-claim was selected will have access to all organisations, whether or not the claim is set up. This happens because the users were created before the group-claim existed.
If you delete a group-claim from a user who has already logged in to FirstAgenda with their AD login, the user still has access to the same organisation as before.
If you rename the group-claim/Windows group name so that it no longer corresponds to the name we have registered your organisation with, new users will not be able to get access to FirstAgenda. Users who logged in before the renaming will still have access.
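The rules above can be checked against your own configuration before relying on them. The following is an added example, not FirstAgenda's code: it models the behaviour as this page describes it and flags organisations that are open to every AD login, claim names that do not exist in ADFS, and users who keep access from earlier logins. All organisation, group and user names are constructed.

```python
# Added example: a model of the access rules described on this page.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    claims: set                                          # group-claims ADFS sends at login
    existing_access: set = field(default_factory=set)    # organisations from earlier logins

def orgs_on_login(user, org_claims):
    """org_claims maps organisation -> group-claim name registered in FirstAgenda (None = not set)."""
    granted = set(user.existing_access)      # earlier access is kept, claims do not revoke it
    for org, claim in org_claims.items():
        if claim is None or claim in user.claims:   # no name registered means open to all
            granted.add(org)
    return granted

def audit(org_claims, adfs_groups, users):
    """Return (organisation, finding) pairs for the three pitfalls the page describes."""
    findings = []
    for org, claim in sorted(org_claims.items()):
        if claim is None:
            findings.append((org, "open to every AD login: no group-claim name registered"))
        elif claim not in adfs_groups:
            findings.append((org, f"no new login gains access: '{claim}' is not a group in ADFS"))
    for user in users:
        for org in sorted(user.existing_access):
            claim = org_claims.get(org)
            if claim is not None and claim not in user.claims:
                findings.append((org, f"{user.name} keeps earlier access without claim '{claim}'"))
    return findings

# Constructed sample data (organisation, group and user names are made up).
ORG_CLAIMS = {"Org A": "FA-OrgA", "Org B": None, "Org C": "FA-OrgC-renamed"}
ADFS_GROUPS = {"FA-OrgA", "FA-OrgC"}
NEW_USER = User("new.user", {"FA-OrgA"})
OLD_USER = User("old.user", set(), {"Org A", "Org B", "Org C"})

if __name__ == "__main__":
    print(sorted(orgs_on_login(NEW_USER, ORG_CLAIMS)))
    for org, finding in audit(ORG_CLAIMS, ADFS_GROUPS, [NEW_USER, OLD_USER]):
        print(f"{org}: {finding}")
```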
REQUIREMENTS FOR RIGHTS AND USER MANAGEMENT OUTSIDE OF FirstAgenda
- Your users have to use AD login in FirstAgenda
- You have to create a certain number of AD users for each team which has been transferred to FirstAgenda
- The names for the AD or Windows groups need to respect the naming structure set by FirstAgenda
NAMING OF THE AD GROUPS FOR RIGHTS MANAGEMENT
For each team you must create 5 Windows groups by following the structure listed below, where the team's "mapping key-id" is consistent.
Unique mapping Key-id for the team: For example “Smlafoaac7”
The team's Group-claim values:
Read the unreleased version
Mapping key and group name values
You will find this information under "Team" in the left-hand menu in FirstAgenda. Please note that the information will not be accessible until you have transferred the first agenda in the team to FirstAgenda.
On the basis of name and source-id, we will form a unique mapping key-id for the team.
EVERY LOGIN IS READ BY CLAIMS
You give users their rights and roles by placing them in the right Windows groups.
At every login to FirstAgenda we receive claims about the user. Claims control access and rights for the user in FirstAgenda.