Implementation Step | Details | Technical Notes |
---|---|---|
Step 4. | Client accesses one-permission link and approves the permission request |
|
Step 4. | Permission Approval |
This step is required for CompliSpace to determine the user's memberOf details (the groups the user is assigned to on the client's AD) and their appropriate PolicyPlus tenant & section access. |
Configure Test User |
| |
Assign groups to all relevant users |
| |
PolicyPlus Sections & Sitecode Example:
Access | Group/Permission Name | Access Type |
---|---|---|
Site Access | Fundamentals | This permission is required to allow any kind of access. Without this permission, no access will be granted whatsoever, regardless of other permissions. |
Public | Public RO | Read Only to the Public section. |
Public | Public RW | Read and Write to the Public section. |
Tools Admin | Tools Admin RO | Read Only to the Tools Admin section. |
Tools Admin | Tools Admin RW | Read and Write to the Tools Admin section. |
Archived Pages | Archived Pages RO | Read Only to the Archived Pages section. |
Archived Pages | Archived Pages RW | Read and Write to the Archived Pages section. |
HR Administration (Managers Only) | HR Administration (Managers Only) RO | Read Only to the HR Administration (Managers Only) section. |
HR Administration (Managers Only) | HR Administration (Managers Only) RW | Read and Write to the HR Administration (Managers Only) section. |
Technical Notes for client:
- We only support the CN part of distinguished names; we currently do not look at any of the parent paths (e.g. OU=..,OU=...). (In fact, the Azure AD Graph API /memberOf endpoint strips away everything except the content of the CN. For example, for the group CN=Fundamentals, OU=Applications, O=Staff, Azure AD would send us only: Fundamentals)
- We don't currently support nested groups.
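
As an added illustration of the rules above (not CompliSpace's code), the Python below evaluates a test user's direct group memberships against the example sections and flags groups whose CN is the same under different parent paths, which are indistinguishable once only the CN is evaluated. Exact, case-sensitive name matching and RW taking precedence over RO are assumptions, and the sample memberships are constructed.

```python
import re

# Section names come from the example table on this page.
SECTIONS = ["Public", "Tools Admin", "Archived Pages",
            "HR Administration (Managers Only)"]
GATE = "Fundamentals"  # without it, no other permission applies

def cn_of(name):
    """Return the CN value of a DN, or the input if it is already a bare name.
    Backslash-escaped characters are unescaped (hex escapes are not decoded)."""
    m = re.match(r"\s*CN=((?:\\.|[^,\\])*)", name, re.IGNORECASE)
    if not m:
        return name.strip()
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()

def effective_access(direct_groups):
    """Map a user's direct memberships to per-section access.
    Pass direct memberships only: nested groups are not supported."""
    names = {cn_of(g) for g in direct_groups}
    if GATE not in names:
        return {}
    access = {}
    for section in SECTIONS:
        if f"{section} RW" in names:      # assumption: RW wins over RO
            access[section] = "RW"
        elif f"{section} RO" in names:
            access[section] = "RO"
    return access

def cn_collisions(group_dns):
    """Find groups in different parent paths that share a CN; since only
    the CN is evaluated, they cannot be told apart."""
    seen = {}
    for dn in group_dns:
        seen.setdefault(cn_of(dn), set()).add(dn.strip())
    return {cn: sorted(dns) for cn, dns in seen.items() if len(dns) > 1}

# Constructed sample data (not from a real directory).
TEST_USER = ["CN=Fundamentals, OU=Applications, O=Staff",
             "CN=Public RO, OU=Applications, O=Staff",
             "Tools Admin RW"]
NO_GATE_USER = ["CN=Public RW, OU=Applications, O=Staff"]
DIRECTORY = TEST_USER[:2] + ["CN=Public RO, OU=Students, O=Staff"]

if __name__ == "__main__":
    print(effective_access(TEST_USER))
    print(effective_access(NO_GATE_USER))
    print(cn_collisions(DIRECTORY))
```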