Using Single Sign-On (SSO) with ISMS.online allows you to make use of a provisioning feature: New User Templates!
What are New User Templates?
New User Templates allow a platform Administrator to automatically provision work areas to new users who are created when they log in via SSO.
There are two types of new user template:
1. Templates applied to ALL new users.
You may only have one template that can be applied to all users. This will be applied in addition to any other matching templates. For example, you may want every new user to be given the Employee Induction template, along with their individual role template.
2. Templates applied to individual groups.
These templates are applied to specific groups, which you will define in Azure AD. The groups will then be pulled through into ISMS.online, and each new user will be identified and given the correct template when their account is created at log in.
How to set up a new user template
Create a Group attribute claim
First, you will need to map a new attribute in your app's Single Sign-On settings. This attribute pulls the information for your AD group into ISMS.online:
1. Navigate to Azure AD > Applications > ISMS.online app > Single Sign-On > 2. User Attributes & Claims
2. Click add a group claim:
3. Select which groups this claim should apply to and then fill in the claim information as shown:
4. Click save and then refresh the page. It should look like this:
Create a Group in Azure AD
The next stage in setting this feature up is to create Groups in Azure AD (if you haven't already!). In most cases, your organisation will already have these set up. They may be named based on department or role (e.g. Finance, HR, IT, Marketing, Support).
As an example, we will be using a 'Marketing' group, so that we can make a Marketing User Template in ISMS.online.
To do this:
1. Navigate to Azure AD, click on Groups, create Group. See here for the Microsoft guide on creating Groups.
2. In your list of Groups, navigate to the one you wish to create a template for. Click into it and copy the Object ID.
1. Move over to ISMS.online.
2. Navigate to Organisation Settings > New User Templates.
3. Click 'Create New Template'
4. Fill in the details for this template.
5. Select 'Only users who belong to a group in the identity provider'
6. Paste the Object ID into the 'SSO Attribute field'
You can then scroll down the page and select which Permissions, Work areas, and Policy Packs to assign to the template.
When a new user from the 'Marketing' Group in Azure AD logs into ISMS.online via SSO for the first time, they will be associated with the Marketing Template, and granted all of the access and work areas that come with it.
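To check a mapping before relying on it, the following added example (not ISMS.online or Microsoft code) reads the group claim from a decoded SAML assertion and lists which templates the rules described above would apply. It assumes SAML-based SSO and Azure AD's default group claim name; the assertion, Object IDs and template names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Azure AD's default group claim name; pass the name you configured if different.
GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: attribute statement of a decoded assertion (GUIDs are made up).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000001</saml:AttributeValue>
      <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def group_ids(assertion_xml, claim_name=GROUP_CLAIM):
    """Return the set of group Object IDs carried in the named claim."""
    root = ET.fromstring(assertion_xml)
    ids = set()
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != claim_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            if value.text and value.text.strip():
                ids.add(value.text.strip())
    return ids

def templates_applied(ids, all_users_template, group_templates):
    """Model of the page's rule: the all-users template plus every group match."""
    applied = [all_users_template] if all_users_template else []
    for name, object_id in group_templates.items():
        if object_id in ids:  # exact match on the pasted Object ID
            applied.append(name)
    return applied

if __name__ == "__main__":
    # Template name -> Object ID pasted into the template (constructed values).
    templates = {
        "Marketing": "11111111-aaaa-4bbb-8ccc-000000000001",
        "Finance": "11111111-aaaa-4bbb-8ccc-000000000009",
    }
    ids = group_ids(SAMPLE_ASSERTION)
    print(templates_applied(ids, "Employee Induction", templates))
```

An empty result from `group_ids` means the claim name or the groups selected for the claim do not match what the application receives, so no group template would be applied.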