Introduction:
This article explains how to use Microsoft Azure AD security groups and configure group claims to manage user access in PLAYipp Manager. By linking security groups, you can streamline user permissions and automate access management based on roles defined in Azure AD.
Prerequisites:
- Admin access to both Microsoft Azure Active Directory (Azure AD) and PLAYipp Manager.
- SAML-based SSO already configured between Azure AD and PLAYipp Manager.
Step 1: Create Security Groups in Azure AD
- Log in to the Azure portal: https://portal.azure.com.
- Navigate to Azure Active Directory > Groups > New Group.
- Create security groups for the different roles or access levels in PLAYipp, for example:
  - PLAYipp Admins: Users with full administrative access.
  - PLAYipp Editors: Users who can manage content but have limited administrative permissions.
  - PLAYipp Screen Managers: Users who can manage screens and layouts.
  - Quicknote Users: Users who have access only to the Quicknote feature.
- Add members to each group according to their roles in your organization.
Step 2: Configure Group Claims in Azure AD for the SAML Application
- Go to Azure Active Directory > Enterprise Applications.
- Select the PLAYipp Manager application where you have configured SAML SSO.
- Under Single sign-on, find the User Attributes & Claims section and edit the claims.
- Add a group claim:
  - Click Add a group claim.
  - Configure the group claim settings:
    - Select "Groups assigned to the application" so that the claim carries only the groups that are assigned to the PLAYipp app.
    - Choose the group name format (e.g., Group ID or Group Name). Note which format you pick; the mapping in PLAYipp Manager must use the same format.
    - Emit the group membership as a claim, using a claim name such as groups or roles.
  - Save the group claim configuration.
Step 3: Assign Users to the PLAYipp Application Using Security Groups
- In Azure AD, go to Enterprise Applications > PLAYipp Manager > Users and Groups.
- Assign the previously created security groups to the application:
  - For example, assign the PLAYipp Admins group to grant admin-level access in PLAYipp.
  - This assignment ensures that any user added to one of these groups in Azure AD automatically receives the corresponding access in PLAYipp.
Step 4: Map Security Groups to Roles in PLAYipp Manager
- Log in to PLAYipp Manager.
- Navigate to Administration Tab > Organization Settings > SAML Tab.
- Map the group claim values (in the same format, Group ID or Group Name, that you selected in Step 2) to roles or permissions in PLAYipp:
  - Admin Group: Map to full administrative permissions.
  - Editor Group: Map to content management permissions.
  - Screen Manager Group: Map to screen-related access.
- Configure any other settings needed so that the roles reflect the group claims accurately.
Step 5: Automating User Access Through Group Membership
With security groups linked between Azure AD and PLAYipp, access management becomes automated:
- Onboard New Users: Add them to the appropriate security group in Azure AD (e.g., PLAYipp Editors), and they automatically gain the corresponding permissions in PLAYipp.
- Modify User Permissions: Moving a user from one group to another (e.g., from PLAYipp Editors to PLAYipp Admins) changes their access level in PLAYipp at their next sign-in.
- Revoke Access: Removing a user from all groups assigned to PLAYipp revokes their access.
Step 6: Advanced Configuration (Optional)
- Link Security Groups to Specific Screen Groups or Features:
  - Use security groups to manage access to specific screens, content, or features.
  - For example, grant access to only certain screen groups based on geographic or departmental needs.
- Combine Group Claims with Other Organizational Units:
  - Use group claims together with organizational structures in PLAYipp to refine user access control.
Troubleshooting
- Users Not Getting Expected Permissions:
  - Make sure the security groups are properly assigned to the application in Azure AD.
  - Verify that the group claims are correctly mapped to roles in PLAYipp Manager.
- Group Claim Not Appearing in PLAYipp:
  - Ensure that the group claim is correctly configured in the Azure AD app's User Attributes & Claims settings.
  - Check the group claim format and adjust if necessary (e.g., use "Group Name" instead of "Group ID").
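The following added example is not part of the original article or of PLAYipp's own code; it illustrates, on the service-provider side, what Steps 2, 4 and 5 and the troubleshooting checks above amount to. It builds a minimal SAML assertion carrying a group claim (constructed sample, not a real Azure AD assertion), extracts the claim values, and resolves them to a PLAYipp role through a constructed group-to-role table. The group object IDs, role names and the claim name "groups" are assumptions for illustration; the diagnostics show the three failure modes the Troubleshooting section describes: no claim emitted, a claim name or format that does not match the mapping, and groups that are not mapped.

```python
"""Resolve an Azure AD group claim from a SAML assertion to a PLAYipp role.

Added example. The assertion, group object IDs and role names below are
constructed for illustration and are not values from Azure AD or PLAYipp.
"""
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Shape of an Azure AD group object ID as emitted with the "Group ID" format.
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed mapping (assumed IDs): group object ID -> PLAYipp role.
# This stands in for the mapping configured in Step 4 using the "Group ID" format.
GROUP_TO_ROLE = {
    "11111111-1111-1111-1111-111111111111": "admin",           # PLAYipp Admins
    "22222222-2222-2222-2222-222222222222": "editor",          # PLAYipp Editors
    "33333333-3333-3333-3333-333333333333": "screen_manager",  # PLAYipp Screen Managers
    "44444444-4444-4444-4444-444444444444": "quicknote",       # Quicknote Users
}
# When a user is in several mapped groups, the highest-precedence role applies.
ROLE_PRECEDENCE = ["admin", "editor", "screen_manager", "quicknote"]


def build_assertion(groups, claim_name="groups"):
    """Build a constructed, minimal SAML assertion with one group claim.

    groups=None omits the claim entirely (claim not configured in Azure AD).
    """
    attr = ""
    if groups is not None:
        values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
        attr = f'<saml:Attribute Name="{claim_name}">{values}</saml:Attribute>'
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}">'
            f"<saml:AttributeStatement>{attr}</saml:AttributeStatement>"
            f"</saml:Assertion>")


def extract_groups(assertion_xml, claim_name="groups"):
    """Return the values of the named group claim, or [] if it is absent."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != claim_name:
            continue  # claim name must match what Step 2 configured
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            if value.text and value.text.strip():
                values.append(value.text.strip())
    return values


def resolve_role(groups):
    """Map claimed groups to a single PLAYipp role; None means no access.

    Returns (role, diagnostic). Diagnostics mirror the Troubleshooting section:
      'no-claim'        - nothing was emitted (claim missing or empty)
      'format-mismatch' - values are not group IDs, so the ID-based mapping cannot match
      'unmapped'        - valid IDs, but none is mapped to a role in PLAYipp
    """
    if not groups:
        return None, "no-claim"
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    if not roles:
        if any(not GUID_RE.match(g) for g in groups):
            return None, "format-mismatch"
        return None, "unmapped"
    for role in ROLE_PRECEDENCE:
        if role in roles:
            return role, "ok"
    return None, "unmapped"  # not reached: every mapped role is in ROLE_PRECEDENCE


def role_from_assertion(assertion_xml, claim_name="groups"):
    """End-to-end: parse the assertion and resolve the user's PLAYipp role."""
    return resolve_role(extract_groups(assertion_xml, claim_name))


if __name__ == "__main__":
    editors = "22222222-2222-2222-2222-222222222222"
    admins = "11111111-1111-1111-1111-111111111111"
    # Onboarding: user added to PLAYipp Editors.
    print(role_from_assertion(build_assertion([editors])))
    # Promotion: user now also in PLAYipp Admins; the admin role takes precedence.
    print(role_from_assertion(build_assertion([editors, admins])))
    # Revocation: user removed from every assigned group.
    print(role_from_assertion(build_assertion([])))
    # Group Name format emitted while the mapping expects Group IDs.
    print(role_from_assertion(build_assertion(["PLAYipp Editors"])))
    # Claim emitted under a different name than the one PLAYipp reads.
    print(role_from_assertion(build_assertion([editors], claim_name="roles")))
```

The precedence list is a design choice for the example: a user who is in both the Editors and Admins groups should receive the broader role deterministically rather than depending on the order in which Azure AD lists the groups. The "format-mismatch" and "no-claim" diagnostics are the two conditions to look at first when users sign in successfully but receive no permissions.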
Conclusion
Using security groups and group claims to manage access in PLAYipp Manager offers a flexible and automated way to control permissions. By leveraging Microsoft Azure AD groups, you can centralize user management and simplify onboarding.
For additional assistance, contact PLAYipp Support.