Introduction
For Active Directory (AD) to process permissions, Microsoft requires you to assign users to enterprise apps. Yomly does not process authentication in the same way; we are just a client of the AD processes.
The old SSO is an OAuth emulation and is no longer considered secure. Therefore, we no longer support it as an authentication mechanism.
Assigning users
Assigning users is a fairly trivial exercise. Depending on your current license with Office 365, you can even do it with a single assignment of the ALL USERS group to the enterprise application (Yomly).
Assigning the group of all users is the simplest approach, as no ongoing maintenance is needed when users are added to Yomly.
You can also provide Self-Service Application Access, where the user can give themselves permission to the app.
If you have a specific policy to limit access, then the easiest way to do it is:
- Export a list of user IDs (email addresses) from Yomly.
- Import the user IDs into a new group in Azure Active Directory (AAD). For example, the AAD group could be called "Yomly Users".
- Assign that group to Yomly in AAD.
As this is basic AD administration, any certified administrator can accomplish this with minimal effort.
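The three steps above can be scripted. The following is an added example, not code from Yomly or Microsoft, using the Microsoft Graph PowerShell SDK. It assumes the Yomly export is a CSV file named yomly-users.csv (hypothetical) with an "Email" column, that each address matches the user's UPN, and that the enterprise application's display name is "Yomly".

```powershell
# Added example, not Yomly or Microsoft code. Requires the Microsoft Graph PowerShell SDK.
# Assumptions: yomly-users.csv (hypothetical name) is the Yomly export with an "Email"
# column, each address equals the user's UPN, and the app's display name is "Yomly".
Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All',
    'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

$groupName = 'Yomly Users'
$emails = Import-Csv -Path .\yomly-users.csv |
    ForEach-Object { "$($_.Email)".Trim().ToLower() } |
    Where-Object { $_ } |
    Sort-Object -Unique

# Reuse the group if it already exists so the script can be re-run after each export.
$group = Get-MgGroup -Filter "displayName eq '$groupName'" | Select-Object -First 1
if (-not $group) {
    $group = New-MgGroup -DisplayName $groupName -MailNickname 'yomly-users' `
        -MailEnabled:$false -SecurityEnabled
}
$memberIds = @(Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { $_.Id })

$unresolved = @()
foreach ($email in $emails) {
    $upn = $email.Replace("'", "''")   # escape quotes for the OData filter
    $user = Get-MgUser -Filter "userPrincipalName eq '$upn'"
    if (-not $user) { $unresolved += $email; continue }
    if ($memberIds -notcontains $user.Id) {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
    }
}

$sp = Get-MgServicePrincipal -Filter "displayName eq 'Yomly'" | Select-Object -First 1
if (-not $sp) { throw "No enterprise application named 'Yomly' found in this tenant." }
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id }
if (-not $assigned) {
    # All-zero AppRoleId = default access; valid only when the app defines no app roles.
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $group.Id -ResourceId $sp.Id `
        -AppRoleId '00000000-0000-0000-0000-000000000000' | Out-Null
}

# Group assignment limits access only when the app requires assignment.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'Assignment required' is off: users outside the group can still sign in."
}
if ($unresolved) {
    Write-Warning "No directory user for: $($unresolved -join ', ')"
}
```

Addresses reported as unresolved are Yomly users with no matching directory account; review them before relying on the group as the access list.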
Other methods to assign AD users to Yomly
Method | For more information |
---|---|
Assign a user to the application directly. | |
Assign a group that the user is a member of to the application, including: | |
Enable self-service application access to allow a user to add an application using the Add App feature without business approval | |
Enable self-service application access to allow a user to add an application using the Add App feature, but only with prior approval from a selected set of business approvers | |
Enable self-service group management to allow a user to join a group that an application is assigned to without business approval | Set up self-service group management in Azure Active Directory |
Enable self-service group management to allow a user to join a group that an application is assigned to, but only with prior approval from a selected set of business approvers | Set up self-service group management in Azure Active Directory |
Assign a license to a user directly for a first party application, like Microsoft 365 | - |
Assign a license to a group that the user is a member of to a first party application, like Microsoft 365 | - |
As an administrator, consent to allowing all users to use an application, and then a user signs in to the application | Sign in any Azure Active Directory user using the multi-tenant application pattern |
As a user, consent to using an application yourself and then signing in to the application | Sign in any Azure Active Directory user using the multi-tenant application pattern |