Assigning Active Directory users to Yomly

Introduction

For Active Directory (AD) to process permissions, Microsoft requires you to assign users to enterprise apps. Yomly does not process authentication in the same way; we are just a client of the AD processes.

The old SSO is an oAuth emulation and is not considered secure anymore. Therefore, we no longer support it as an authentication mechanism. 

Assigning users

Assigning users is a fairly trivial exercise. Depending on your current license with Office 365, you can even do it with a single assignment of the ALL USERS group to the enterprise application (Yomly).

The single assignment of the group of all users is the simplest way to assign users as there is no ongoing maintenance with the addition of users to Yomly.

You can also provide Self-Service Application Access, where the user can give themselves permission to the app.

If you have a specific policy to limit access, then the easiest way to do it is:

  1. Export a list of user IDs (email addresses) from Yomly.
  2. Import the user IDs into a new group in Azure Active Directory (AAD). For example, the AAD group could be called "Yomly Users".
  3. Assign that group to Yomly in AAD.

As this is basic AD administration, any certified administrator can accomplish this with minimal effort.

Other methods to assign AD users to Yomly

Method For more information

Assign a user to the application directly.

Assign users and groups to an application

Assign a group that the user is a member of to the application, including:

  • Groups synchronized from on-premises
  • Static security groups created in the cloud
  • Dynamic security groups created in the cloud
  • Microsoft 365 groups created in the cloud
  • The All Users group

Enable self-service application access to allow a user to add an application using the Add App feature without business approval

Enable self-service application access to allow a user to add an application using Add App feature, but only with prior approval from a selected set of business approvers

Enable self-service group management to allow a user to join a group that an application is assigned to without business approval

Set up self-service group management in Azure Active Directory

Enable self-service group management to allow a user to join a group that an application is assigned to, but only with prior approval from a selected set of business approvers

Set up self-service group management in Azure Active Directory

Assign a license to a user directly for a first party application, like Microsoft 365

-

Assign a license to a group that the user is a member of to a first party application, like Microsoft 365

-

As an administrator, consent to allowing all users to use an application, and then a user signs in to the application

Sign in any Azure Active Directory user using the multi-tenant application pattern

As a user, consent to using an application yourself and then signing in to the application

Sign in any Azure Active Directory user using the multi-tenant application pattern
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.