External user integration
BizzStream makes it possible to synchronize users from an external system with BizzStream. Currently, BizzStream only supports an integration with Azure Active Directory, a cloud service provided by Microsoft.
Setup
To set up an integration with Azure Active Directory for a specific BizzStream environment, a 'tenant' configuration has to be specified in the 'External Users integration' tab, as illustrated in the image below:
An external users integration can only be configured when the 'External users integration' checkbox has been checked. The checkbox can only be set by Maxedy.
To establish an integration, the following values can or must be set:
Setting | Optional | Description |
---|---|---|
Tenant | False | Reference to the tenant configuration* |
Groups to Sync | False | Comma-separated string containing the IDs of the groups in the Azure environment whose users need to be synced |
Default menu | True | The default menus that will be added to new external users |
Periodically Sync Users | True | Once checked, the environment will sync the users originating from the external system to BizzStream at an interval of 15 minutes |
* A tenant configuration is configured by a partner. It represents the technical implementation between BizzStream and the external environment and is identified by a tenant name, which the Tenant setting refers to.
Synchronization
Synchronization is the process of registering and updating external users in BizzStream. Users can be synced manually by using the Sync button, as illustrated in the image above, or periodically when the 'Periodically Sync Users' setting has been checked.
In both cases:
- Non-existing users will be added to the current environment. It is important to realize that a user can have access to multiple environments. If a user already exists in relation to another environment, access to the current environment will be added to the existing user.
- Personal settings (like name or email) will be overridden by the settings acquired from the external environment.
- An existing user will be deactivated when:
  - It has been removed from a group in the external environment that has been assigned to a particular BizzStream environment.
  - The user group of the user has been removed from the BizzStream environment.
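The sync rules above, modelled as one sync run in Python. This is an added example, not BizzStream code: the data shapes, the function names and the choice to track deactivation per environment are assumptions, since the page does not specify them.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    email: str
    external: bool = True                       # created by a sync, not locally
    access: dict = field(default_factory=dict)  # environment -> active? (assumed shape)

def sync(env, groups_to_sync, directory, users):
    """Run one sync for `env`, mutating `users`; returns (action, user_id) pairs.

    directory: {group_id: {user_id: (name, email)}} as read from the tenant.
    """
    # Only members of the configured groups are in scope for this environment.
    members = {}
    for gid in groups_to_sync:
        members.update(directory.get(gid, {}))
    actions = []
    for uid, (name, email) in members.items():
        user = users.get(uid)
        if user is None:                         # non-existing user: add
            users[uid] = User(name, email, access={env: True})
            actions.append(("added", uid))
            continue
        if (user.name, user.email) != (name, email):
            user.name, user.email = name, email  # external profile wins
            actions.append(("profile_overridden", uid))
        if env not in user.access:               # known user, new environment
            user.access[env] = True
            actions.append(("access_added", uid))
    # Covers both deactivation triggers: the user left a synced group, or the
    # group was dropped from 'Groups to Sync'. Reactivation is not modelled.
    for uid, user in users.items():
        if user.external and user.access.get(env) and uid not in members:
            user.access[env] = False
            actions.append(("deactivated", uid))
    return actions

def demo():
    # Constructed sample data: two groups, one user already known from "prod".
    users = {"u2": User("Bob", "bob@old.example", access={"prod": True})}
    directory = {"g1": {"u1": ("Ann", "ann@corp.example")},
                 "g2": {"u2": ("Bob", "bob@corp.example")}}
    first = sync("test", ["g1", "g2"], directory, users)
    second = sync("test", ["g1"], directory, users)  # g2 removed from the setting
    return first, second, users
```

Logging the returned actions per run gives an audit trail of who was provisioned or deactivated, which is useful when reviewing how quickly a group change in the directory took effect.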
Management of the external user profile is the responsibility of the external environment. This means that Azure is completely responsible for the settings, activation and group memberships. Therefore, the settings for modifying an external user have been disabled in BizzStream, as illustrated by the image below:
This also implies that the reset password functionality does not apply to external users. An external user will be notified of this by the contents of the reset password mail:
Authentication
Synchronized users are able to log in by using their external user environment credentials, in other words, the username and password specified in the Azure AD environment. When the user presses the 'login' button, BizzStream delegates the authentication process to Azure. After login, the external user is equal to a regular (internal) BizzStream user.
Security
The session of an authenticated external user will expire after 8 hours. After this expiration period, the user will automatically be logged out.