AD Plus gives you the opportunity to control user rights around FirstAgenda by Group-claims in your own ADFS server.
Group-claims are used to manage which organizations your users have access to when they log in to FirstAgenda with AD login. If you have multiple organizations but fail to state group-claims your users will get access to all organizations by login with their AD login.
How to activate Group-Claim?
Each of your organizations have the opportunity to have a name attached. These names need to correspond with the group-claims set up in your ADFS. Please notify us the exact group-claim name each organization will have. Next, we will configure your organization(s) with the group-claim name in FirstAgenda.
How does Group-Claim work?
You place your users in the right group-claims in your AD. Hereby the access to your organization is determined through your AD.
Group-claim gains acceptance in the moment the group-claim name is set up for the organization in FirstAgenda. If the name is set up exclusively in FirstAgenda and not in your ADFS it leads to the fact that no one gets access to the concerned organization.
Users who subsequently log in with AD login will gain access to the organizations which either have not gotten a group-claim name in FirstAgenda yet or the ones which already have a group-claim name send from your ADFS. That is, if one of your organizations do not have a group-claim name at all, then the users will automatic get access to it.
The users who have already been logged in to FirstAgenda with their AD login, before the Group-claim was selected, will have access to all organizations no matter if the claim is set up or not. This happens because the users were created before the Group-claim existed.
If you delete a Group-claim from a user that has already been logged in to FirstAgenda with their AD login, then the user still has access to the same organization as previous.
If you rename the Group-claim/Windows group name, so it no longer is corresponding to the name we have registered your organization with, then new users will not be able to get access to FirstAgenda. Users who have been logged in before the renaming will still have access.
REQUIREMENTS FOR RIGHTS AND USER MANAGEMENT OUTSIDE of FirstAgenda
- Your users have to use AD login in FirstAgenda
- You have to create a certain number of AD users for each team which has been transferred to FirstAgenda
- The names for the AD or Windows groups need to respect the naming structure set by FirstAgenda
naming of the ad groups FOR RIGHTS MANAGEMENT
For each team you must create 5 Windows groups by following the structure listed below, where the team's "mapping key-id" is consistent.
Unique mapping Key-id for the team: For example “Smlafoaac7”
The team's Group-claim values:
Read the unreleased version
Mapping key and group name values
You will find the informations in FirstAgenda "Team" in the left side menu. Please note that the informations will not be accessible before you have transferred the first agenda in the team to FirstAgenda.
On the basis of name and source-id we will form a unique mapping key-id to the team.
every login is read by claims
You give the users the rights and roles by placing them i the right Windows groups.
By every login in FirstAgenda we receive claims about the user. Claims controle access and rights for the user in FirstAgenda.