Managing VNC Connect roles and groups with Azure AD SSO

Follow

If you or your organization have enabled VNC Connect's Azure AD SSO, you will no longer be able to assign people and roles within the VNC Connect portal. Instead, all role assignment takes place in Azure AD. To discuss enabling Azure AD SSO for your subscription, please contact us.

Please note that membership and role changes made within Azure AD are not immediately reflected within VNC Connect, and will instead update as below:

  • If a user is signed in, then the changes will be applied within an hour
  • If a user is not signed in, then the changes will be applied when they next sign-in

Managers and Admins can use the VNC Connect portal to view the current members of the team, but cannot use it to add, remove or edit members. The list of members in the VNC Connect portal only includes those who have signed-in at least once.

Managing user and group assignments

  1. Navigate to the Azure AD portal, and sign in with an account that has appropriate permissions to assign users/groups to Enterprise applications
  2. Click Enterprise applications from the menu

    roles1.PNG

  3. Click the VNC-Connect-SSO app from the list

    roles2.PNG

  4. Click Assign users and groups in the Getting Started section, or Users and groups on the left menu

    roles3.PNG  or roles3b.png

Assigning new roles

  1. Click Add user/group at the top

    roles4.PNG

  2. Select the users and/or groups you'd like to grant access to VNC Connect, by clicking None Selected and then selecting from the list that appears
    Note, group assignment may require Azure AD Premium P1 or above

    roles5.PNG

  3. Select the role that you would like to assign to the selected users/groups
    Note, only 1 role can be selected. To assign a second role, e.g. Technician for Instant Support, if included in your subscription, follow these steps again

    roles5a.png

  4. When you have completed your selections, click Assign

    roles5b.png

  5. The selected users and role assignments will appear in the list, and the users are able to sign in to VNC Connect!

    roles6.PNG

Editing role assignments

  1. To edit an assigned role, select the user or group and click Edit

    edit1.png

  2. Select the role that you would like to assign

    edit2.png
  3. Click Assign and the selected user/group role will be updated

Removing role assignments

  1. To edit an assigned role, select the user or user group and click Remove

    remove1.png

Linking Azure AD Security Groups to VNC Connect User Groups

VNC Connect's Azure AD SSO makes it possible to link Azure AD security groups to VNC Connect's user groups, allowing you to manage group membership (e.g. for computer discovery permissions) in Azure AD instead of the VNC Connect portal.

Once a group is linked, its members can no longer be viewed or edited in the VNC Connect Portal. Any users currently in the group are removed and replaced by users that are members of the Azure AD Security Group. Adding or removing members from the Azure AD Security Group will cause those users to be automatically added or removed from the VNC Connect group. These group changes made within Azure AD are not immediately reflected within VNC Connect, and will instead update as below:

  • If a user is signed in, then the changes will be applied within an hour
  • If a user is not signed in, then the changes will be applied when they next sign-in

When a group is unlinked, it retains any members it had when it was linked, but these members are no longer automatically updated from Azure AD and can now be edited within the VNC Connect Portal.

Linking a group

  1. Follow the steps for Assigning new roles (above) to assign the Security group a role in VNC Connect
  2. Select the group from the list of Users and Groups in the VNC-Connect-SSO Enterprise app

    group1.PNG

  3. Copy the group's object ID

    group2.PNG

  4. Sign in to the VNC Connect Portal using an Azure AD SSO account that has been assigned as a Manager or Admin
  5. Click People, Groups

    group3.PNG

  6. Choose to either Create a new group, or edit an existing user group using the 3 dots button next to the group

    group4.PNG

  7. If creating a new group, enter the name of the group. For new and existing groups, select Link to an organization group and enter the Azure AD group's object ID. Click Save

    group5a.PNG or group5b.PNG


  8. The group will be synced with Azure AD and ready to use in VNC Connect.
Was this article helpful?
1 out of 3 found this helpful

Comments

0 comments

Please sign in to leave a comment.