Set Up User Groups in Microsoft Entra ID (formerly Azure Active Directory)
The following is a step-by-step guide for linking your Microsoft Entra ID groups to your Casebase instance.
It shows how to configure user groups and the app registration in Microsoft Entra ID (formerly Azure Active Directory) so that you can manage access permissions for the different user roles within the Casebase application.
How to organize user access rights via Microsoft Entra for a multi-workspace approach in Casebase?
#1 Creating New User Groups
1. Navigate to Microsoft Entra:
   - Sign in to the Entra admin center (https://entra.microsoft.com).
   - In the left-hand navigation pane, select “Groups”.
2. Access Groups Section:
   - Navigate to “Groups” > “All groups”.
3. Create a New Group for a Casebase workspace:
   - Click on the “+ New group” button.
4. Fill in the required information:
   - Group type (usually: Security)
   - Name and description for the group (use the Casebase workspace name here, e.g. Data Analytics Team)
   - Membership type (usually: Assigned)
   - Owner: Assign an owner to the group. The owner can manage group membership and settings.
   - Members: Add members to the group. This step is optional and can be done later.
   - Click “Create” to create the group.
Repeat steps 3-4 to create an additional group for each further workspace your organization’s roles or departments require.
#2 Configuring App Roles in Azure AD App Registration:
1. Navigate to App Registrations:
   - In the Azure portal, navigate to “Azure Active Directory” > “App registrations.”
2. Select App Registration:
   - Choose the app you want to configure (or create a new one if necessary), e.g. Casebase.
3. Define App Roles:
   - In the app registration overview page, select “Manifest” from the left-hand menu.
   - Locate the “appRoles” section in the manifest JSON. Insert the following code snippet between the brackets.
   - Save the changes.

{
  "allowedMemberTypes": [
    "User"
  ],
  "description": "Visitors have limited access to the default workspace Default 01.",
  "displayName": "Default 01 Visitor",
  "id": "02e0caa4-662d-4f04-8ea5-10edbf86f3ec",
  "isEnabled": true,
  "lang": null,
  "origin": "Application",
  "value": "Default01_VISITOR"
},
{
  "allowedMemberTypes": [
    "User"
  ],
  "description": "Standard users access only to specific Workspace in the default workspace Default 01.",
  "displayName": "Default 01 User",
  "id": "73a98c0b-56d6-4e15-8e73-6d56c4e799a4",
  "isEnabled": true,
  "lang": null,
  "origin": "Application",
  "value": "Default01_USER"
},
{
  "allowedMemberTypes": [
    "User"
  ],
  "description": "Moderators have administrative access to Default 01 workspace.",
  "displayName": "Default 01 Moderator",
  "id": "e7f916f0-e7e1-4bde-a101-361f2080c9f4",
  "isEnabled": true,
  "lang": null,
  "origin": "Application",
  "value": "Default01_FACILITATOR"
},
{
  "allowedMemberTypes": [
    "User"
  ],
  "description": "Administrators have full access to the application.",
  "displayName": "Administrator",
  "id": "573d5a20-f527-4e90-a57e-8c978f788ac7",
  "isEnabled": true,
  "lang": null,
  "origin": "Application",
  "value": "ADMIN"
}
- allowedMemberTypes: Specifies the type of members who can be assigned this role. Typically, this is set to “User” to allow individual users to be assigned the role. Other possible values include “Application” for service principals and “Group” for Azure AD groups.
- description: Provides a brief description or summary of the role, explaining its purpose, permissions, or responsibilities within the application. This description helps users and administrators understand the role’s significance.
- displayName: Represents the display name of the role, which is typically a user-friendly name that describes the role in a clear and understandable manner. This name is visible to users when selecting roles or permissions.
- id: Unique identifier (GUID) for the role. This identifier uniquely identifies the role within the Azure AD tenant and is used to reference the role in various operations and configurations.
- isEnabled: Indicates whether the role is currently enabled or disabled. When set to “true,” the role is active and can be assigned to users or groups. When set to “false,” the role is inactive and cannot be assigned.
- value: Specifies the value of the role, which is a unique identifier used to represent the role in security tokens and claims. This value is typically used by the application to identify and authorize users based on their assigned roles.
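A pre-save check for the “appRoles” array, added here as an example (it is not Casebase or Microsoft code, and the function name lint_app_roles is hypothetical). It catches the usual copy-paste mistakes when roles are duplicated for a new workspace: typographic quotes that break the JSON, an id that was not regenerated, and a value that is reused or contains spaces, which Entra ID rejects.

```python
import json
import uuid

# Constructed sample: the guide's Visitor role plus a copy of it whose id was
# not regenerated and whose value contains a space.
SAMPLE = """[
  {"allowedMemberTypes": ["User"], "description": "Visitors have limited access.",
   "displayName": "Default 01 Visitor", "id": "02e0caa4-662d-4f04-8ea5-10edbf86f3ec",
   "isEnabled": true, "lang": null, "origin": "Application", "value": "Default01_VISITOR"},
  {"allowedMemberTypes": ["User"], "description": "Copied entry.",
   "displayName": "Default 02 Visitor", "id": "02e0caa4-662d-4f04-8ea5-10edbf86f3ec",
   "isEnabled": true, "lang": null, "origin": "Application", "value": "Default 02_VISITOR"}
]"""

REQUIRED = ("allowedMemberTypes", "description", "displayName", "id", "isEnabled", "value")
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes that break JSON syntax

def lint_app_roles(text):
    """Return a list of problems in an appRoles JSON array; an empty list means clean."""
    try:
        roles = json.loads(text)
    except json.JSONDecodeError as exc:
        hint = " (typographic quotes found, retype them as ASCII)" if any(c in text for c in CURLY) else ""
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}{hint}"]
    if not isinstance(roles, list) or not all(isinstance(r, dict) for r in roles):
        return ["appRoles must be a JSON array of objects"]
    problems, seen_ids, seen_values = [], {}, {}
    for i, role in enumerate(roles):
        label = f"role[{i}] {role.get('displayName', '?')!r}"
        missing = [k for k in REQUIRED if k not in role]
        if missing:
            problems.append(f"{label}: missing {', '.join(missing)}")
            continue
        try:
            rid = str(uuid.UUID(role["id"]))  # normalises case and formatting
        except (ValueError, AttributeError, TypeError):
            problems.append(f"{label}: id is not a GUID")
        else:
            if rid in seen_ids:
                problems.append(f"{label}: id duplicates role[{seen_ids[rid]}]")
            seen_ids.setdefault(rid, i)
        value = role["value"]
        if not isinstance(value, str) or not value or any(ch.isspace() for ch in value):
            problems.append(f"{label}: value must be a non-empty string without spaces")
        elif value in seen_values:
            problems.append(f"{label}: value duplicates role[{seen_values[value]}]")
        else:
            seen_values[value] = i
    return problems
```

Wrap the roles you are about to paste in [ ] and pass the text to lint_app_roles; generate a fresh GUID for every id it reports as a duplicate.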
#3 Mapping Groups to Roles:
1. Access Enterprise Applications:
   - In the Entra admin center, navigate to “Applications” > “Enterprise applications.”
2. Select Casebase:
   - Choose the enterprise application corresponding to your app registration.
3. Configure App Roles:
   - In the application overview page, select “Users and groups” from the left-hand menu.
   - Click on “+ Add user/group” to add users or groups to the application.
   - Select “Users and groups” and choose the user group you created earlier.
   - Assign the appropriate app roles to the selected group by checking the corresponding roles.
   - Click “Assign” to assign the selected roles to the group.
4. Repeat as Needed:
   - Repeat step 3 for each user group, assigning the relevant app roles based on the group’s access requirements.