To Map Azure Active Directory Groups to Roles in MYOB Acumatica

After you have enabled integration with Microsoft Azure Active Directory (Azure AD), you need to map Azure AD groups to user roles defined in MYOB Acumatica by using the User Roles (SM201005) form.

Note:
The Active Directory tab appears on the form if the integration of MYOB Acumatica with Azure AD has been enabled in the web.config file, as described in To Configure the Web.Config File for Integration with Azure Active Directory.

Before You Begin

Before you start configuring your system, make sure that all the domain users have email addresses configured in Azure AD.

To Map Active Directory Groups to MYOB Acumatica Roles

  1. Open the User Roles (SM201005) form.
  2. In the Summary area, in the Role Name box, select the role you want to associate with an Active Directory group (or with multiple groups).
  3. On the Active Directory tab, click Add Row.
    Attention:
    The Active Directory tab appears on this form if the integration of MYOB Acumatica with AD has been enabled in the web.config file, as described in To Enable Active Directory Integration.
  4. In the Group column on the new row, select the AD group that you want to associate with the role.
  5. On the form toolbar, click Save.
  6. Repeat Steps 2 through 5 for every role that should be mapped to AD groups.

To Remove Mapping of Active Directory Groups to Roles

  1. Open the User Roles (SM201005) form.
  2. In the Summary area, in the Role Name box, select the role for which you want to remove association with an Active Directory group (or with multiple groups).
  3. Click the row that contains the AD group that you want to disassociate from the role, and click Delete Row on the table toolbar.
  4. On the form toolbar, click Save.
  5. Repeat Steps 2 through 4 for every role for which mapping with AD groups should be removed.
After you have mapped Azure AD groups with user roles in MYOB Acumatica you can assign specific roles for a particular domain user, as described in To Set Up Role Assignment for Domain Users or enable silent logon with Azure AD to use the Azure AD service as the default identity provider, as described in To Enable Silent Logon.