{"id":3165,"date":"2021-04-06T12:12:38","date_gmt":"2021-04-06T10:12:38","guid":{"rendered":"https:\/\/taskcontrol.cz\/docs\/taskcontrol\/user-management\/azure-user-management\/"},"modified":"2021-05-24T08:39:45","modified_gmt":"2021-05-24T06:39:45","slug":"azure-user-management","status":"publish","type":"docs","link":"https:\/\/taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/","title":{"rendered":"Azure AD User Management"},"content":{"rendered":"<p>TaskControl supports the OIDC implementation of authentication by Microsoft using Azure Active Directory resources.<\/p>\n<h2>Information passed from Azure AD<\/h2>\n<p>The information the TaskControl website instance receives is limited to the Azure AD user ID and email address. No other information is provided.<\/p>\n<h2>Authentication process<\/h2>\n<p>A user opening the TaskControl website instance is redirected to a sign-in page using the OpenID Connect protocol, where the authentication itself is handled by the Microsoft Azure AD authentication process. A ticket proving the user's identity to the application that requested the ticket (TaskControl) is generated and securely passed back to the TaskControl instance.<br \/>\nTaskControl receives the information and can proceed with the authorization process, assigning a <a href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/user-management\/roles\/\">role<\/a> to the user. 
The user then receives the initial page with data depending on the role, if any is found.<\/p>\n<p>A user with no <a href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/user-management\/roles\/\">role<\/a> receives a default rejection message and needs to ask a person in the Manager role to create the user.<\/p>\n<h2>Customer Azure AD prerequisites<\/h2>\n<p>Whether a user from the customer's Azure AD can be authenticated to the TaskControl instance depends on the security settings.<\/p>\n<p>If TaskControl is hosted by ORBIT and therefore is not registered as an application in the customer's Azure AD, the user needs to have the right to consent to TaskControl accessing company information during the authentication process.<br \/>\nBy default Azure AD allows users to consent, but in an enterprise environment consent may be disabled, in which case the TaskControl instance has to be registered as an Enterprise application in Azure AD with the TaskControl instance application ID.<\/p>\n<p>If TaskControl is hosted by the customer, the application registration in the customer's Azure AD will automatically allow the users to authenticate.<\/p>\n<p>Further reading at <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/app-objects-and-service-principals\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/app-objects-and-service-principals<\/a><\/p>\n<h2>User registration to TaskControl<\/h2>\n<h4>Option A &#8211; Access denied approach:<\/h4>\n<p>If a user with no role in TaskControl opens the website and authenticates, an Access Denied page is displayed, yet the user is registered automatically in TaskControl with his\/her Azure AD ID and email address (in most cases, depending on the OpenID Connect type).<br \/>\nA person in the Manager role can find the new user registration (a <a href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/settings\/cache-of-application\/\">Cache Recycle<\/a> might be necessary if this is done right after) in the <a 
href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/settings\/users\/\">Users view and assign a Role<\/a>, then fill in all necessary information about the user, such as Name, Surname, Mobile Phone and Notifications.<br \/>\nThe now-registered user will have access to the TaskControl instance after closing and reopening the web browser.<\/p>\n<h4>Option B &#8211; Proper registration:<\/h4>\n<p>Before the user opens TaskControl for the first time with no role (the Access denied approach), it is possible to <a href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/settings\/users\/\">create a full registration<\/a> of the user.<br \/>\nFor Azure AD authentication, look up the ObjectID in the user profile (Azure portal \/ Azure AD Tenant \/ Users \/ Username \/ Identification (box) \/ ObjectID attribute).<br \/>\nBulk operations allow exporting the necessary data for multiple users. Bulk insertion is described <a href=\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/user-management\/bulk-user-registration\/\">here<\/a>.<br \/>\nThe registration of the user in TaskControl uses the user's ObjectID as a unique primary key that identifies the user. 
All the other fields (Name, Surname, Email, Mobile Phone, Team) are not used for authentication and serve only as display or notification information used by TaskControl functionality.<\/p>\n<p>Once the user is registered with a unique ObjectID, he\/she is authenticated and has roles assigned the first time he\/she opens the TaskControl website.<\/p>\n<p>ObjectID cannot be duplicated in the Users table.<\/p>\n","protected":false},"featured_media":0,"parent":3148,"menu_order":1,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.12 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\r\n<title>Azure AD User Management | TaskControl<\/title>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:locale:alternate\" content=\"cs_CZ\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Azure AD User Management | TaskControl\" \/>\r\n<meta property=\"og:description\" content=\"TaskControl support OIDC implementation of authentication by Microsoft using Azure Active Directory resources. Information passed from Azure AD Information received from the website TaskControl instance is limited to Azure AD user ID and email address. Other information is not provided. 
Authentication process A user opening TaskControl website instance is redirected to sign-in page using OpenIDConnect [&hellip;]\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/\" \/>\r\n<meta property=\"og:site_name\" content=\"TaskControl\" \/>\r\n<meta property=\"article:modified_time\" content=\"2021-05-24T06:39:45+00:00\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/\",\"url\":\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/\",\"name\":\"Azure AD User Management | TaskControl\",\"isPartOf\":{\"@id\":\"https:\/\/taskcontrol.cz\/#website\"},\"datePublished\":\"2021-04-06T10:12:38+00:00\",\"dateModified\":\"2021-05-24T06:39:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Dom\u016f\",\"item\":\"https:\/\/taskcontrol.cz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ORBIT 
TaskControl\",\"item\":\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"User Management\",\"item\":\"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/user-management\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Azure AD User Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/taskcontrol.cz\/#website\",\"url\":\"https:\/\/taskcontrol.cz\/\",\"name\":\"TaskControl\",\"description\":\"Automatizujte koordinaci aktivit\",\"publisher\":{\"@id\":\"https:\/\/taskcontrol.cz\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/taskcontrol.cz\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/taskcontrol.cz\/#organization\",\"name\":\"ORBIT s.r.o.\",\"url\":\"https:\/\/taskcontrol.cz\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/taskcontrol.cz\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/taskcontrol.cz\/wp-content\/uploads\/2020\/05\/ORBITlogo.png\",\"contentUrl\":\"https:\/\/taskcontrol.cz\/wp-content\/uploads\/2020\/05\/ORBITlogo.png\",\"width\":200,\"height\":200,\"caption\":\"ORBIT s.r.o.\"},\"image\":{\"@id\":\"https:\/\/taskcontrol.cz\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/orbit\"]}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Azure AD User Management | TaskControl","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/","og_locale":"en_US","og_type":"article","og_title":"Azure AD User Management | TaskControl","og_description":"TaskControl support OIDC implementation of authentication by Microsoft using Azure Active Directory resources. Information passed from Azure AD Information received from the website TaskControl instance is limited to Azure AD user ID and email address. Other information is not provided. Authentication process A user opening TaskControl website instance is redirected to sign-in page using OpenIDConnect [&hellip;]","og_url":"https:\/\/taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/","og_site_name":"TaskControl","article_modified_time":"2021-05-24T06:39:45+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/","url":"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/","name":"Azure AD User Management | TaskControl","isPartOf":{"@id":"https:\/\/taskcontrol.cz\/#website"},"datePublished":"2021-04-06T10:12:38+00:00","dateModified":"2021-05-24T06:39:45+00:00","breadcrumb":{"@id":"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/azure-user-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Dom\u016f","item":"https:\/\/taskcontrol.cz\/"},{"@type":"ListItem","position":2,"name":"ORBIT TaskControl","item":"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/"},{"@type":"ListItem","position":3,"name":"User Management","item":"https:\/\/taskcontrol.cz\/docs\/en-docs-taskcontrol\/user-management\/"},{"@type":"ListItem","position":4,"name":"Azure AD User Management"}]},{"@type":"WebSite","@id":"https:\/\/taskcontrol.cz\/#website","url":"https:\/\/taskcontrol.cz\/","name":"TaskControl","description":"Automatizujte koordinaci aktivit","publisher":{"@id":"https:\/\/taskcontrol.cz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/taskcontrol.cz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/taskcontrol.cz\/#organization","name":"ORBIT 
s.r.o.","url":"https:\/\/taskcontrol.cz\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/taskcontrol.cz\/#\/schema\/logo\/image\/","url":"https:\/\/taskcontrol.cz\/wp-content\/uploads\/2020\/05\/ORBITlogo.png","contentUrl":"https:\/\/taskcontrol.cz\/wp-content\/uploads\/2020\/05\/ORBITlogo.png","width":200,"height":200,"caption":"ORBIT s.r.o."},"image":{"@id":"https:\/\/taskcontrol.cz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/orbit"]}]}},"_links":{"self":[{"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs\/3165"}],"collection":[{"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/comments?post=3165"}],"version-history":[{"count":0,"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs\/3165\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs\/3148"}],"next":[{"title":"Active Directory User Management","link":"https:\/\/taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/active-directory-user-management\/","href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs\/3166"}],"prev":[{"title":"Authentication Methods","link":"https:\/\/taskcontrol.cz\/en\/docs\/en-docs-taskcontrol\/user-management\/authentication-methods\/","href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/docs\/3164"}],"wp:attachment":[{"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/media?parent=3165"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/taskcontrol.cz\/en\/wp-json\/wp\/v2\/doc_tag?post=3165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}