After integrating your DatabeatOMNI account with Microsoft 365 / Azure AD you may experience that users in your organization are not allowed to log in or access DatabeatOMNI. This article will attempt to help you troubleshoot and explain why.
Please note that your organization's Azure AD configuration and policies are highly relevant and possibly the reason why you are experiencing issues.
Hopefully, these tips may help you out, but do not hesitate to contact support@databeat.net if you are unable to resolve the issue after reading this article.
1. User in DatabeatOMNI needs to have the same e-mail as Azure AD.
The most common reason as to why users are not able to log in is a mismatch in username/email/User Principle Name (UPN) between DatabeatOMNI and your Azure AD.
If the username/email in DatabeatOMNI does not match what is registered in your Azure AD, it will not work. Depending on your Azure AD administrator's actions, please confirm internally that you have the right username. The "User Principal Name" (UPN) found in Azure AD is probably the correct one.
An example we often see is that the user "John Doe" is first created as jo.do@onmicrosoft.company.com. Later on, it is changed to Jo.do@company.com, and at last, the user got the alias john@company.com.
2. Users are "Signing up" and not "logging in"
If your users are selecting the sign up button, instead of login - and the username they have selected has a different domain that what is registered, it might cause them to create an individual or additional account. This often happens if some users have @onmicrosoft domain.
The user will be able to delete their own account and user, which will solve this issue. But remember that the username may be required to be manually created on the correct account before successfully logging in.
It is also possible to contact support@databeat.net for manual removal of the "duplicate" account and recreation of the username on the correct account.
3. Users needs administrator approval to login to DatabeatOMNI
If users are required administrator approval or access to login, it is highly probable that you have not approved the DatabeatOMNI application in Azure AD. To do so your organization may require that an administrator allows you to approve it or that the administrator approves this app on your behalf.
Secondly, your organization may have restricted access to the DatabeatOMNI application and need to open it for more users. The solution would be for an administrator to grant access "on behalf of your organization" for the application, a specific group with users, a specific user, or a role.
4. Unable to grant access on behalf of your organization
If an administrator is unable to approve access to the DatabeatOMNI Azure AD application on behalf of other users, it might be that you have the Azure AD built-in role "Application administrator". Please remove your user's Azure AD role called "Application administrator".
Read more about the Application administrator role here
Then try again without the role, and your user should be prompted with the same message as other users. When prompted you can check the box to approve the application "on behalf of your organization". Other users will be able to log in if registered correctly in DatabeatOMNI after this!
An alternative method is to grant admin access for Databeat.Net AS directly in Azure AD. After doing so you can manually remove unnecessary permissions via PowerShell since this will request permissions for the full integration.
Please check out Microsoft's documentation for more information:
About the Azure AD built-in Application administrator role