Setting up User Templates
Creating User Templates for Microsoft Logins allows you to automatically and instantly provision new Users with a licence based on their Group Membership within Azure Active Directory. Rather than creating an account for each new user that requires access to Workbooks, these templates can be set up and used indefinitely and amended as required to allow for quick configuration of new users.
User Templates are setup within the Microsoft Logins section of the Configuration Menu. This is found under Start > Configuration > Account Settings> Authentication and choose Microsoft Authentication, from here select the User Templates tab.
NOTE: Ensure that User Provisioning is checked otherwise accounts will not be provisioned.
To create a new User Template select the Add button, this will open a new window where you can create a new User Template.
In order to create the User Template you must populate the following Fields:
Azure Group: The name of the Azure Group that the User belongs to. This is an exact name match, so we would recommend copying the name directly from Azure.
Template Order: Select the Order that this Template will appear in. Users will be added to the first template that matches their Azure Group. This means that if you have a User that is a member of two Azure Groups they will only be provisioned using the first with an exact name match.
NOTE: Due to this we recommend that you order Templates such as “All Users” last and have niche User Groups such as “Workbooks Admin” at the top of the list.
Enabled: Select whether you want to enable this User Template or not.
Timezone: The User’s timezone.
Further down the screen you will see a list of all the available databases on your account. You can grant or deny access to each database, choose which default Own Organisation the new User will have, and select Groups within the database that the User will be a member of.
Finally, you can select a licensed Workbooks Edition and choose Workbooks extensions that the User will be provisioned with.
Now you can Save & Close the User Template. User Templates can be edited later if needed.
After you have set up all the required User Templates, Users with Active Directory accounts will now be able to access Workbooks by using the Login with Microsoft button.
If the user has already logged into Office, and their sign in is remembered, they will be automatically logged into Workbooks when using the same browser. If a User is using incognito mode or a different browser they will be prompted to log into their Microsoft Account.
- When a User logs in via Microsoft for the first time there are a few possible outcomes:
- If they are a new Workbooks User a Workbooks account will be created for them in line with the first matching Azure Group that they are a member of, and they will have access to all the Groups and Databases this User Template has access to.
NOTE: Users will not be sent an activation email when logging in for the first time, so they will be able to log in to the system immediately.
- If they are an existing User and have access to all the databases within your Workbooks account that the first matching User Template has access to, they will be logged in as normal, their User Groups will not be modified.
- If they are an existing User but do not have access to all the databases within your Workbooks account that the first matching User Template has access to, then their User Groups will not be modified within the databases that they previously had access to, but will be given access to any additional databases and put into the User Groups as outlined in the User Template.
- If they are an existing user but are not a member of an Azure group with a matching Workbooks User Template then they will be logged in as before.
- If they are a new user and are not a member of an Azure group with a matching Workbooks User Template then they will be unable to login to Workbooks.
NOTE: Licenses will be automatically provisioned for users when logging in for the first time, even if this exceeds your license limit.
Amending User Templates and logins for existing users
When a User logs in for the first time with the Microsoft Login, a Trusted Identity is created that is found within a User’s Preferences.
While this Trusted Identity exists, the User will be able to log in to Workbooks with a single click using the Login with Microsoft button.
If you make changes to the configuration for a database with a User Template – such as reconfiguring Group membership or the default Own Organisation – and you want to re-provision a User via the User Template, then the User may delete their Trusted Identity and log in with Microsoft again. The User’s Group membership and default Own Organisation will be reconfigured, and the Trusted Identity will be recreated to show that the User has been provisioned in the database.