This article will provide guidance on streamlining the user management and new user registration process for DatabeatOMNI administrators integrating with Microsoft 365.
In DatabeatOMNI there are two optional features for Microsoft 365 user management.
1. Selecting manual or automatic user registration
We suggest enabling the Automatic user registration feature in the Microsoft 365 Permissions Panel within DatabeatOMNI as an Administrator or Super User. This feature does not require any additional permissions in AAD, making it a hassle-free option.
2. User Management through Microsoft 365 Groups
If you plan to manage your DatabeatOMNI users based on group membership in Microsoft 365/Azure Active Directory (AAD), we advise planning this before activating it. If you have any queries about your configuration or the available options, please do not hesitate to reach out to the Databeat Support Team for assistance.
How to set it up
Once you have logged into DatabeatOMNI and accessed the Locations tab, navigate to the Microsoft 365 Permissions panel to customize your integration settings. Here, you can find the necessary tools to tailor your Microsoft 365 integration to your requirements.
In the Users and Roles settings category on the left-hand side, you can make adjustments to enhance the user experience and simplify user management while still maintaining your authentication requirements.
1. Selecting manual or automatic user registration
How to enable Automatic User Registration in DatabeatOMNI
By default, DatabeatOMNI will require the manual registration of users in the Users tab. As an alternative, you can select enable and save to automatically register users.
If enabled a new/unregistered user sign-in with a Microsoft 365 User to DatabeatOMNI will automatically be added as users to your DatabeatOMNI account with no access role.
As an administrator or Super User with access to the Users tab, you will be able to assign a role. You can read more about roles and creating a new user here.
Rest assured that a role must still be assigned for new users. Simply attempting to sign in will not grant access. However, the correct username and email will be provided automatically. If a user attempts to log in without access, they will be informed accordingly.
After assigning a role to the new user and their subsequent login with their Microsoft 365 account, DatabeatOMNI will register them as a third-party Microsoft 365 user and save their name and email address. However, other information such as their title, phone number, and profile picture will be stored in Microsoft 365 and require a Microsoft 365 login from your organization and the delegated permission to view them.
Benefits and consequences of signing in with a Microsoft 365
Benefits of signing in with a Microsoft 365 user include simplified user registration and management processes for DatabeatOMNI administrators. It also allows for automatic addition of new users and ensures correct username and email information are provided.
This means that users will no longer be able to use a regular username and password to log in.
Instead, they will need to comply with your organization's login requirements and authentication rules, such as multi-factor authentication (MFA) or conditional access policies.
This will not only increase security but also make the user experience more straightforward. Please note that if a Microsoft 365 user is inactive or blocked and not authorized to log in by Microsoft 365 / AAD, they will not be able to access DatabeatOMNI.
However, it's important to note that this feature may not work for users with different email and login name policies or multiple domains.
For this feature to work, DatabeatOMNI must be able to find the user in your Azure Active Directory (AAD) with a matching log-in name (E-mail).
If your organization separates User Principal Name (UPN) and log-in name/Username as a policy, the email address provided to DatabeatOMNI from the sign-in is likely to not find a match, requiring manual registration for such users. It may also fail when using multiple domains on users, I.E. "@subsidiary.net" vs. "@company.com" vs. "@company.onmicrosoft".
2. User Management through Microsoft 365 Groups
How to setup User Management through Microsoft 365 Groups
Utilizing the user's Microsoft Group Membership for DatabeatOMNI User Access
By default, access to DatabeatOMNI features is determined by roles defined in DatabeatOMNI.
By enabling and integrating the Microsoft 365 Group membership feature it will allow you to control user roles through Microsoft 365 Groups, simplifying the process of assigning and managing user access. Allowing you to streamline your user access management and create a centralized user management system, reducing the need for managing users in multiple systems.
Managing DatabeatOMNI users based on group membership in Microsoft 365/Azure Active Directory (AAD) can simplify user management for administrators. This feature can be activated in the Microsoft 365 Permissions panel within DatabeatOMNI, but it is advisable to plan this before activation. If you have any queries about your configuration or the available options, please do not hesitate to reach out to the Databeat Support Team for assistance.
Note: Enabling automatic user registration does not automatically activate group membership, and vice versa. These features can be used independently of each other to simplify user management in DatabeatOMNI.
Delegated Permissions are required to enable
Enabling the Microsoft 365 Group Membership feature requires the DatabeatOMNI - Business Enterprise application to have delegated permissions. This allows your logged-in Super User or Administrator to search, view, configure, and select the groups you want to link with, as well as maintain access if any changes occur.
It's important to note that these permissions are based on your logged-in user's permissions, not application-based permissions that allow DatabeatOMNI to act on its own. Click here to learn more about Microsoft Graph permission types directly from Microsoft.
Before granting permissions for Microsoft 365 Group Membership, it's important to note that Microsoft will provide a description of the required permissions during the configuration process. However, here's a sneak peek:
Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
Allows the app to list groups, read basic group properties and read membership of all groups the signed-in user has access to.
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
Linking DatabeatOMNI Groups with Microsoft 365 Groups
After enabling the Microsoft Group User Management feature in DatabeatOMNI and having granted the DatabeatOMNI - Business Enterprise application the required permissions, you will be able to search for and link your Microsoft 365 Groups to the respective DatabeatOMNI Role.
Linking requires the Admin integration enabled in the Microsoft 365 Permissions Panel
1. Select the Pencil icon next to the enabled button to configure or edit Group linking.
2. In the settings panel for Group linking, you can easily search for your custom Microsoft 365 Groups and link them with the corresponding DatabeatOMNI Group Name for a specific User Access Role.
Searching for a group will actively search based on your search bar text, keep in mind that this needs the Admin feature enabled in the Microsoft 365 Permissions Panel to work.
The green checkmark indicates a link. You can always unlink with the X or search for another group if any changes occur or you need to re-link the group.
3. When 10/10 groups are linked you have completed the configuration. Keep in mind that a user must be a member of the Microsoft 365 Group, and they can have multiple group memberships.
It's important to note that certain changes related to your integrated Microsoft 365 account may not be accessible to external parties like the Databeat Support team.
These changes are now managed by your own IT department and Microsoft 365 administrators and you should check internally first if any issues occur.
However, if you have any questions about the available options or logic, the Databeat Support Team is always available to assist you.