If your company uses Active Directory to manage its employees, you can now connect Gtmhub with Active Directory and automatically onboard all your users to Gtmhub.
What does it do?
- Allows users to log in to Gtmhub with their Active Directory credentials
- Automatically creates Gtmhub users from your Active Directory once they log in
- When a user is removed from your Active Directory, they will no longer have access to Gtmhub
- Maps Active Directory roles to Gtmhub roles
To connect Gtmhub with your Active Directory instance, you will need the following:
- Enterprise edition of Gtmhub
- You need to be a Gtmhub administrator
- Azure Active Directory rights to approve Gtmhub's request to read from the directory
- Log in to Gtmhub
- Navigate to Setup > Configuration > Single Sign On
- Make sure the first drop-down is configured for Office 365 / Azure Active Directory
If your Azure AD manages more than one domain, use the "+add alias domain" option and provide the additional email domains this connection should work with.
- Enter your Active Directory domain. Usually that is the portion of your corporate email address after the '@' sign. For example, for an email address ending in @example.com, the domain name is 'example.com'.
- Click the Test connection button
- If the domain is valid and the connection was successfully established, you will see the following screen
- Now you need to give Gtmhub rights to read your Active Directory information. To do so, click the Open confirmation screen button or send the link to your Azure Active Directory administrator to authorise the Gtmhub integration.
- If you have permissions to allow Gtmhub to read your Active Directory, you will see a screen similar to this one. Click the Accept button.
Once the connection has been successfully established, you will see your Active Directory connection in Gtmhub.
Configuring Azure group access to Gtmhub
By default, when you configure SSO, we leave user access control to you. The default setting of the Azure app is to allow anyone to log in to Gtmhub. If you want to limit this, you can assign specific users or groups to the application, so only they can log in to Gtmhub. Just turn on “User assignment required”:
And then assign the desired users and groups to the application from Users and Groups.
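The same restriction can be applied and reviewed from a script. The following is an added example using the Microsoft Graph PowerShell SDK, not part of the Gtmhub documentation. The application display name 'Gtmhub' and the group name 'gtmhub-users' are assumptions to replace with the values from your tenant.

```powershell
# Added example: the two names below are placeholders, not values from the Gtmhub documentation.
$AppDisplayName   = 'Gtmhub'        # assumption: display name of the enterprise application
$GroupDisplayName = 'gtmhub-users'  # hypothetical group that should be allowed to sign in

Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','Group.Read.All'

# Resolve the enterprise application (service principal) and refuse to guess on ambiguity.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sp.Count -ne 1) { throw "Expected one service principal named '$AppDisplayName', found $($sp.Count)." }
$sp = $sp[0]

# False here is the default described above: anyone in the directory can log in.
"User assignment required (before): $($sp.AppRoleAssignmentRequired)"

$group = @(Get-MgGroup -Filter "displayName eq '$GroupDisplayName'")
if ($group.Count -ne 1) { throw "Expected one group named '$GroupDisplayName', found $($group.Count)." }
$group = $group[0]

# Use a role the app defines for users; otherwise fall back to the default-access role (all-zero GUID).
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
    Select-Object -First 1
$roleId = if ($role) { $role.Id } else { [guid]::Empty.ToString() }

# Assign the group BEFORE enforcing assignment, so enabling the setting locks nobody out.
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
if (-not ($assigned | Where-Object { $_.PrincipalId -eq $group.Id })) {
    New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
}

# Equivalent of turning on "User assignment required" in the portal.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Review who can now sign in; anything unexpected in this list should be removed.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```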
Mapping Azure AD roles to Gtmhub roles
You can specify that users coming through a specific Azure group get assigned to a selected role in Gtmhub. This is valid only on user creation, so it will kick in on the user's first login to the account. To configure the group-to-role mapping, go to your Gtmhub account Settings -> Single Sign On, and click on the three dots next to your SSO connection there. Select the Roles mapping option.
In the dialog that opens, add a new mapping. Use the name of the Azure AD group and select the desired Gtmhub role it maps to:
For example, you could decide that Active Directory role "hr" maps to Gtmhub role "admin", which theoretically will allow everyone in the company from the Human Resources department to be a Gtmhub account administrator.