AAD profiles is part of the Hello for business / Azure AD implementation. It allows user with relevant privileges to create (or update) AAD profiles which can be applied to the users in the Operationak console / Hello for business section.


Available actions for user with appropriate privileges:

Create profile

Create new AAD profile.

Duplicate profile

Duplicate the profile.

  • Note: the timestamp will be added to the name within duplication - can be changed later.

Edit profile

Update the profile

  • Note: users to whom the profile was previously applied will not be affected by the profile update.

Configure permissions


Define who (specific user or users from specific group) is able to assign affected profile

Define groups to assign


Define which groups will be assigned in external resource (Azure) when specific profile will be applied

Define groups to unassign


Define which groups will be unassigned in external resource (Azure) when specific profile will be applied

Delete profile

Delete the profile.

Search profile

Search profiles by name.

Display detail

[ click on the row ]

Open the drawer with the detail of the profile




Creating new AAD profile

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of profiles will be displayed.

3

Press the CREATE PROFILE button [ ]

4

The form for create profile is opened.

5

Fill in the profile Name and define the types of users for which this profile is applicable. The possibilities are:

  • AZURE - type member, not synchronized with AD
  • ON_PREMISES - type member, synchronized with AD
  • GUEST - user from external AAD
  • DEVICE - device


Note: in case that USER, ON_PREMISES or GUEST are selected, the DEVICE option is disabled and vice versa if DEVICE is selected than all other options are disabled

6

Choose the Display in table for the possibility to display the profile assigned on the user in the users list - feature in Operational console. Sometimes the profile should not be displayed on the list.

7

Choose whether the prefered group should be displayed on the user's detail. If the Assign main group is checked, then the Resource selection will be disabled and user can select which group will be set as main group - for identification of the profile.

8

Set all mandatory fields and press button CONFIRM. The profile will be created and displayed in the list of profiles.




Configure permissions

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of profiles will be displayed.

3

Select desired profile and mouseclick on the row of the table. The drawer with the detail of the profile will be opened.

4

Go to tab Permissions and press the CREATE PERMISSIONS button [ ].

5

Select the tenant from which users and/or groups will be able to access this profile.

6

Select if users or groups should be offered in the selection below.

7

Select user or group of users and press CONFIRM button.

  • Note: start typing the username or name of the groups to select the desired one.

8

The new record with the permissions will be displayed in the list of permission.




Configure groups that will be assigned within profile application

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of profiles will be displayed.

3

Select desired profile and mouseclick on the row of the table. The drawer with the detail of the profile will be opened.

4

Go to tab Groups to assign and press the CREATE GROUP button [ ].

5

Select the Resource and specific Group and press the CONFIRM button.

6

The new record with the group will be displayed in the list of groups to assign. When this profile is applied to the user or device, then displayed groups will be assigned within profile application.




Configure groups that will be unassigned within profile application

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of profiles will be displayed.

3

Select desired profile and mouseclick on the row of the table. The drawer with the detail of the profile will be opened.

4

Go to tab Groups to unassign and press the CREATE GROUP button [ ].

5

Select the Resource and specific Group and press the CONFIRM button.

6

The new record with the group will be displayed in the list of groups to unassign. When this profile is applied to the user or device, then displayed groups will be unassigned within profile application.




Duplicate AAD profile

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of AAD profiles will be displayed.

3

Choose the profile and press the DUPLICATE [ ] button from the context menu of the profile [ ].

4

The confirmation modal with the new name will be opened - adjust or just confirm the modal and copy of the profile will be created. 




Edit AAD profile

1

Open the IGA - Governance section and go to the AAD Profiles.

2

The list of AAD profiles will be displayed.

3

Choose the profile and press the EDIT [ ] button from the context menu of the profile [ ].

4

The edit modal window will be opened to possibly edit all parameters of the profile.

5

Adjust parameters of the profile and press button CONFIRM - the changes will be submitted.

  • Note: Changes to the profile are not applied retroactively to users to whom a previous version of the profile was applied.