In case your company is using Active Directory to manage the employees, you can now connect Gtmhub with Active Directory and automatically onboard all your users to Gtmhub.

What does it do?

  • Allow users to login to Gtmhub with their Active Directory credentials

  • Automatically creates Gtmhub users from your Active Directory once they log in

  • The users that are removed from your Active Directory will not have access to Gtmhub anymore.

  • Map Active Directory roles to Gtmhub roles

Prerequisites

In order to be able to connect Gtmhub with your Active Directory instance you will need following:

  • Enterprise edition of Gtmhub

  • You need to be Gtmhub administrator

  • Azure Active Directory rights to approve Gtmhub's request to read from the directory

Setup

  • Log in to Gtmhub

  • Navigate to Setup > Configuration > Single Sign On

  • Make sure the first drop down is configured for Office 365 / Azure Active Directory


Federated email domains

If your Azure AD manages more than one domain, use the "+add alias domain" and provide the additional email domains this connection should work with.

  • Enter your Active Directory domain. Usually that is the portion of your corporate email after the '@' sign. For example the domain name of [email protected] is 'example.com'. 

  • Click Test connection button

  • If the domain is valid and the connection was successfully established you will see the following screen

  • Now, you need to give Gtmhub rights to read your Active Directory information. To do so click on the Open confirmation screen button or send the link to your Azure Active Directory administrator to authorise the Gtmhub integration. 

  • If you have permissions to allow Gtmhub to read your Active Directory, you will see a screen similar to this one. Click on the Accept button.

Once the connection has been successfully established, you will see your Active Directory connection in Gtmhub.

Configuring Azure group access to Gtmhub

By default, when you configure SSO we leverage user access control to you. The default setting of the Azure app is to allow anyone to log in to Gtmhub. If you want to limit this, you can assign specific users or groups to the application, so only they can log in to Gtmhub. Just turn on “User assignment required” :

And then assign the desired users and groups to the application from Users and Groups

Mapping Azure AD roles to Gtmhub roles

You can specify that users coming through a specific Azure group get assigned to a selected role in Gtmhub. For more information see Automate Gtmhub user role assignment based on SSO group membership | Gtmhub Help Center.

Did this answer your question?