How do I map permissions from Microsoft Entra to ONARKEN?

ONARKEN synchronises users from Microsoft Entra ID based on configured Role and Access Group mappings. These mappings determine which users are imported into ONARKEN, their permissions, and the Smart Lockers or Asset Types they can access.

Key Concepts

1. Roles:
   Every user in ONARKEN must be assigned a single Role. Roles define a user’s permissions within the platform.

   • Users without a valid Role mapping in ONARKEN will be considered invalid and not imported.
     
     

2. Access Groups:
   Access Groups define which Smart Lockers and Asset Types a user can access.

   • Users with a valid Role but no Access Group will be imported into ONARKEN but will likely have no functional access to lockers or assets.

Prerequisites

Before mapping roles and access groups, ensure your ONARKEN instance is already connected to Microsoft Entra. If not, refer to the How to connect Microsoft Entra ID to ONARKEN? for instructions.

How to Configure Role and Access Group Mappings

1. Log in to the ONARKEN Management Platform.
   Use your administrator credentials to access the system.
   
   

2. Access the Integrations Section.

   • Click Integrations from the main navigation menu.
     
     

3. Open Microsoft Entra ID Configuration.

   • Under Microsoft Entra ID, click Configure Integration.
     
     

4. Map Roles and Access Groups:

   • For each Role or Access Group you want to map, click Map.
     
     

5. Search for the Group in Microsoft Entra ID:

   • Use the search box to locate the desired Group Name in Microsoft Entra.
     
     

6. Add the Mapping:

   • Once you find the required group, click Add Mapping.
     
     

7. Repeat as Needed:

   • Continue mapping until all necessary Roles and Access Groups are configured.

Best Practices

• Ensure every user in Microsoft Entra ID has a valid mapping to a Role in ONARKEN.
• Configure Access Groups thoughtfully to align with your organisational structure and access requirements.
• Regularly review mappings to ensure they reflect current operational needs.

What Happens During Synchronisation?

• Valid Mappings:
  Users with valid Role and Access Group mappings are imported into ONARKEN with the appropriate permissions and access.
  
  

• Missing Role Mapping:
  Users without a valid Role mapping are marked as invalid and will not be imported.
  
  

• Missing Access Group Mapping:
  Users with a Role but no Access Group will be imported but will not have access to lockers or asset types.

By correctly mapping Roles and Access Groups, you ensure that user synchronisation between ONARKEN and Microsoft Entra ID is accurate and effective, supporting secure and efficient locker and asset management.