Setting up Groups and Roles
Note: this is an optional step that assumes you have already set up ZEN Master as a registered app on Azure.
You can define management groups and roles for ZEN Master users in ZEN Master and replicate them in Azure. Group and role information for a user will be communicated to ZEN Master when the user signs in through Azure SSO. You can also enable syncing so that updates made in Azure will be reflected in ZEN Master.
If you will only have a few users in ZEN Master, you may not want to bother creating a group. However, groups make it easier to assign roles to multiple people and to keep track of users. With the group syncing feature, it will also allow you to add or remove users in Azure and have your changes reflected automatically in ZEN Master.
To create groups in ZEN Master, you must have admin permissions. Then follow the steps below.
In ZEN Master, mouse over Account Management on the left to reveal the menu, and select User Groups:
Next, click on + Add to add a new user group:
Add a Name for the group in the Create New User Group screen.
You can also add a description, users, and roles if you like, or add those later by editing the group.
Click Save.
Creating roles, like groups, is also optional, but allows you to manage the specific actions that users are allowed to perform in ZEN Master. You can also have user roles and groups sent from Azure to ZEN Master when a user signs in, and that way you can make changes to user roles on in Azure, and they will be reflected in ZEN Master.
You must be an admin in ZEN Master to create roles. Use the following steps.
In ZEN Master, mouse over the Account Management icon to reveal the dropdown menu and select Roles:
Click + Add to create a new role.
Add the required Name and select a Tag:
Because of the way it will be used in Azure, the Name must not contain spaces.
In the different categories under Permissions, select the permissions that users in this role should have:
Assign the role to Users, Groups, or both as needed:
Click Save.
Permissions, Users, and Groups can be modified at any time by selecting the role in list of roles and clicking Edit.
Roles can be assigned to groups or individual users in Azure. For the purposes of using ZEN Master, unless you just have a few users, you will probably want to define user groups and assign roles to the groups.
For registered apps such as ZEN Master you will need to go to the ZEN Master page in the App registrations section and creat App Roles. See Add app roles to your application and receive them in the token for details.
You will want to create an App Role in Azure for each role that you created in ZEN Master and the value for the app role must match the name of the role in ZEN Master.
You can create groups in Azure allow you specify a group of users with the same roles, rather than having to assign roles one-by-one. If you created a group for your users in ZEN Master, you will want to create a group with the same name in Azure to allow the group information to be passed to ZEN Master and keep the groups in sync.
The group in Azure must have the same name as the ZEN Master group, and have the appropriate roles added to it.
See Add app roles to your application and receive them in the token for details.
