5. Role Mapping

Objective

Show how to transfer Azure AD groups into a DNN website.

5.1. Overview

“Azure AD Connector” allows you to transfer Azure groups into the DNN user profile during the sign-in process. You can easily decide which groups need to be transferred through a simple interface, which can be found under the “Role manager” tab, see figure below.

_images/role-mapping_01.png

“Role Mapping” is a convenient way to increase the security of your DNN website.

5.2. Permissions

Before you start configuring role mappings, please make sure that the Azure AD application has the necessary permissions. The permission Group.Read.All (Admin Only) needs to be set under “Application Permissions”, see figure below. It is used to load Azure groups into the “Role Manager” settings panel.

_images/role-mapping_04.png
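
One way to confirm that the permission described above is actually granted, as an added example that is not part of the plugin or its documentation: application permissions appear in the `roles` claim of an app-only access token, so the claim can be inspected directly. It assumes you already hold an app-only token for the Azure AD application; the function names, the `BROADER` list and the sample tokens are constructed for illustration.

```python
import base64
import json

REQUIRED = "Group.Read.All"
# Application permissions that also allow reading groups but grant more than
# the Role Manager panel needs (assumption: flagged here as excess).
BROADER = {"Group.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token: str) -> set:
    """Return the application permissions ('roles' claim) carried by a token.

    Inspection only: the signature is NOT verified, so never base an
    authorization decision on this result.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = json.loads(_b64url_decode(parts[1]))
    roles = payload.get("roles", [])  # absent on delegated (user) tokens
    if not isinstance(roles, list):
        raise ValueError("'roles' claim is not a list")
    return set(roles)


def check_group_permission(access_token: str) -> dict:
    """Report whether Group.Read.All is present and which broader grants exist."""
    roles = token_roles(access_token)
    return {"has_required": REQUIRED in roles, "excess": sorted(roles & BROADER)}


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = make_sample_token({"roles": ["Group.Read.All", "Directory.ReadWrite.All"]})
    print(check_group_permission(sample))
```

An empty `roles` claim usually means the permission was added but admin consent was never granted, or that the token is a delegated (user) token rather than an application token.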

5.3. Setting Mapping Table

To set up role mapping, follow the steps below.

  1. Sign in to the DNN website as a “DNN Host”.

  2. Go to the “Extensions” menu, see figure below.

    _images/open-plugin-settings_01.png
  3. From the extensions category list select “Authentication Systems”, then click on the pencil icon next to “AD-Pro Azure AD Connector”, see figure below.

    _images/open-plugin-settings_02.png
  4. Select the “Site Settings” tab, which contains the configuration panel with all settings for the “AD-Pro Azure AD Connector” plugin, see figure below.

    _images/open-plugin-settings_03.png
  5. Click on the “Role manager” tab, see figure below.

    _images/role-mapping_05.png

The left column lists the groups obtained from Azure AD, while on the right each record has a drop-down list with DNN roles.

Please note that only groups visible to the “Azure Application” will be displayed.

5.4. DNN role creation

Azure groups that don’t have corresponding DNN roles have a description like: (Role doesn't exit in DNN, Click here to create it). This DNN role can be easily created through “Azure AD Connector”. When the link Click here to create it is clicked, a new role is automatically added in DNN, see figure below. The name and description of that role will be equal to those of the corresponding Azure group.

_images/role-mapping_03.png

5.5. One to Many relation

One particular Azure AD group can be mapped to one or multiple DNN roles.

For example, if an “Azure AD” user belongs to the group Students, the corresponding DNN user can be assigned to two DNN roles: Students and Courses, see figure below.

_images/role-mapping_02.png