DC 5.4 AAD: How AAD works
- Tobias Thornfeldt Wolters
- Mathias Mattson (MHM)
- Gosia Creosteanu (Unlicensed)
How it works
When you have set it up correctly, it'll work in the following way:
The first time a user tries to login to a Digizuite product using his or her AAD credentials, a new user will be created in your DAM with the email as its username. The new user's rights levels will be a copy of your chosen template user's rights levels, however, a change to the template user will not impact the user's rights after its creation. In order to have the template user and the users created by it to be in sync at all times, you need to make them use the same groups for maintaining rights.
Alternatively, you may create the user up front with the rights you choose. Be aware that the premade user's username must correspond 100% to the AAD user's. If this is not the case, a new user will be created with the template user's template instead (As previously mentioned)
The above prompt will occur once for your users - the above is in Danish.
How to invite an Azure user to use the application
Go to your Azure Portal, and navigate to "Azure Active Directory"
From here, go to Enterprise applications
Then All applications
Select your application from the list
Select Users and groups
Press Add user
Go to "Users (none selected)"
Type in the email of the person you want to give login access to your DAM solution.
Press in the bottom
It'll now say "1 user selected" (see the image below)
Press Assign
It'll give you the following message in the top right corner
After a couple of minutes, the recipient will receive the following message. (You do not have to assign users for the mail to arrive - this will happen solely because you've pressed "Invite") - for for them to use the system, you have to do the additional steps (Assign)
The recipient must now press the green "Get Started" button, in order for them to validate that they want access.
When they are validated, they'll see the following in their browsers
Now all your recipients can access your solution via AAD
Troubleshooting
Cannot gain access to the DC
The AAD template user configuration is by default only for logging in to the MM. You'll need to assign more roles, groups or rights to the template user, in order for you to log into the DC.
My Media Manager keeps logging me in with AAD, but I want to access the site using normal log in/use another user.
You simply have to call your MM with the following appended: "?forceCleanup=true" e.g. "https://mm.mySite.com?forceCleanup=true". (Please note that it doesn't have to say "true" - it just has to contain some sort of alphanumeric value)