This article explains how to add Azure AD app roles to an EloView enterprise application and receive them in the token
App Roles vs. Groups
App Roles | Groups |
---|---|
They're specific to an application and are defined in the app registration. They move with the application. | They aren't specific to an app, but to an Azure AD tenant. |
App roles are removed when their app registration is removed. | Groups remain intact even if the app is removed. |
Provided in the assignedroles claim. | Provided in groups claim. |
Examples of custom EloView security roles
Role | Team |
---|---|
EloView_Admins | Admin Team |
EloView_Support | Support Team |
EloView_Viewers | Viewers |
Create custom security roles in EloView
- For help on this topic, please review the how-to guide on creating custom roles: https://myelo.elotouch.com/support/s/article/EloView-Security-Roles
Creating app roles
- Sign in to the Azure portal.
- Search for and select Azure Active Directory.
- Under Manage, select App registrations and then select your EloView application to define app roles.
- Select App roles, and then select Create app role.
- In the Create app role pane, enter the settings for the role. Use the example table above to set each setting and its parameters.
- The Display name can contain spaces and does not need to match the Value field.
- The Value can't contain spaces.
- Select Apply to save your changes.
Assign users and groups to roles
- Sign in to the Azure portal.
- Search for and select Enterprise applications.
- Under Manage, select All applications, and then select your EloView application to define app roles.
- Under Manage, select Users and groups, and then select Add user/group.
- Under Users and groups, select a user or group.
- Under select a role, select one of the newly created app roles.
- Click Select and then Assign.
- Repeat steps 4-7 to add the remaining roles.
Configuring the EloView application claims
- Sign in to the Azure portal.
- Search for and select Enterprise applications.
- Under Manage, select All applications, and then select your EloView application to define app roles.
- Under Manage, select Single sign-on.
- In the section Attributes & Claims, click Edit.
- Click Add new claim.
- In the Manage claim pane, enter "roles" as the Name and, for the Source, choose the "user.assignedroles" value from the drop-down menu. The name is case-sensitive and should be lowercase.
Test single sign-on with your EloView application
- In this example, we use the Azure AD enterprise app SAML settings test to verify that the token for the EloView Admin user assigned to the EloView_Admins group includes its role as roles = EloView_Admins.
- Next, we log in to the EloView portal to verify the user has been assigned the (SAMLUser)EloView_Admins role. If the settings were not properly configured or the instructions have changed, the user will be assigned the default (SAMLUser)Viewer role.
- For additional assistance, please reach out to technical support.
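The check described in the test steps above can also be run over a decoded SAML assertion. This is an added example, not part of the original article or of Elo's or Microsoft's tooling; the function names and the sample assertion are constructed for illustration, and the script assumes the claim was added with the name "roles" and no namespace, as configured above.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIM_NAME = "roles"  # per the article: case-sensitive, must be lowercase


def check_roles_claim(saml_xml):
    """Return (roles, problems) for a decoded SAML assertion or response.

    Inspection aid for your own test token only: it does not validate the
    signature and must not be used to make authorization decisions.
    """
    root = ET.fromstring(saml_xml)
    roles, problems = [], []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name", "")
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        if name == CLAIM_NAME:
            roles.extend(values)
        elif name.lower() == CLAIM_NAME:
            # Wrong case: the claim exists but will not be read as "roles".
            problems.append(f"claim is named {name!r}, expected {CLAIM_NAME!r}")
    for role in roles:
        if not role or " " in role:
            problems.append(f"role value {role!r} is empty or contains spaces")
    if not roles:
        problems.append("no roles claim: expect the default (SAMLUser)Viewer role")
    return roles, problems


def sample_assertion(claim_name, role_value):
    """Constructed minimal assertion, not a captured Azure AD token."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
        f'<saml:Attribute Name="{claim_name}">'
        f"<saml:AttributeValue>{role_value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    for claim in ("roles", "Roles"):
        print(claim, check_roles_claim(sample_assertion(claim, "EloView_Admins")))
```

An empty problems list with EloView_Admins in the roles list corresponds to the successful test result described above; any reported problem points to the claim configuration step.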
Please report any broken links by emailing support@elotouch.com and include a link to the knowledge article