Configure AIM to Use Microsoft Entra ID Groups for Restricting User Access based on Portal IDs

If there is a requirement to use multiple Portal IDs and you want to restrict a Portal ID’s access based on user groups, then it can be achieved by creating Microsoft Entra ID groups.

1. Ensure you have followed the steps in the previous section in the Configure AIM to use Microsoft Entra ID for access to the Dashboard topic.

2. To create an Microsoft Entra ID group, navigate to the tenant page and select Groups.

   

3. Select New group.

   The New Group screen opens.

   

4. Enter the Group Type as Security or Microsoft 365. Add the Owners and Members based on requirements. Click Create.

   

5. The Group will be shown under All groups. Take a note of the Object Id for each required group so that they can be configured in the Portal ID’s AccessControlList (in the web.config) to Allow or Deny Groups.

   

6. Apply the group for a Portal ID, for example:

   <portal id="portal1">

   <ConnectionString …. />

   <AccessControlList>

   <Allow Everyone="False" nodetype="leaf">

   <Users> <User Value="abc@xyz.com" /> </Users>

   <Groups><Group Value="17462d33-d117-459f-9fbc-88316ee41234" /></Groups>

   </Allow>

   <Deny nodetype="leaf">

   <Users> </Users>

   <Groups></Groups>

   </Deny>

   </AccessControlList>

   <ContentManagementInteroperabilityServices>…</ContentManagementInteroperabilityServices>

   </portal>