How to set up groups in Microsoft Entra ID
Set up Tribal Platform as an application in Entra ID and then create a client secret key in Entra ID. Then, set up the required groups.
Set up Tribal Platform as an application
Set up Tribal Platform as an application in Microsoft Entra ID and then create a client secret key in Entra ID. Before setting up Entra ID, you require the following:
- An Entra ID account with administrative permissions to manage applications, client secret keys, and users.
- A copy of the Tribal document Edge Tenant and Core Branding Request.docx, which is available on Tribal Communities. On Tribal Communities, go to Community and then Knowledge base and then Tribal Edge platform knowledge base and then General Information and then Accessing Tribal Edge Tenants (Environments).
- The tenant name for the institution. If you do not know the tenant name, contact Tribal support.
Set up Tribal Platform as an application in Entra ID
Set up Tribal Platform as an application for authenticating with Entra ID user accounts as follows:
- On the Entra admin centre, go to Applications and then Application registrations, and then select New application registration.
  Define the name of the application, such as TribalPlatform, select the supported account types, such as Accounts in this organisational directory only, and then select to register the application, as shown in the image Register new application.
  Image: Register new application
- Define the redirect URLs. On the App registration page TribalPlatform, select Authentication and then select Add a platform. Then, add the redirect URIs that return the authentication response to Tribal Platform, as detailed in the table Configure platforms, where:
  - tenantname is the institution's tenant name, such as caltech.
  - region is the geographical region of the institution, such as APAC.

  Configure platforms

  | Type | URL | Description |
  | --- | --- | --- |
  | Web | https://identity.tribaledge.com/region/tenantname/connect/callback | Always required. |
  | Web | https://identity.tribaledge.com/region/tenantname/signin-oidc-ThirdParty | Always required. |
  | Web | https://identity.tribaledge.com/region/tenantname/signin-oidc-ADFS | Required when using ADFS (Active Directory Federation Services). |

- Configure the API permissions. Go to API permissions and then Add permissions and then select the APIs my organisation uses tab. Enter Windows Azure Active Directory in the field and then press enter or select the Windows Azure Active Directory option from the menu.
- Delegate the permissions. Go to Windows Azure Active Directory permission and then select Delegated permissions.
  Select the User.Read and User.ReadBasic.All options and then select , as shown in the image Delegated permissions.
  Image: Delegated permissions
- Set up the Microsoft Graph API to use the external unique identifier. Go to Add permission and then Microsoft Graph and then select Delegated permissions.
  Select the User.Read and User.ReadBasic.All options and select , as shown in the image Microsoft Graph permissions.
  Image: Microsoft Graph user permissions
- On the Microsoft Graph API permissions, go to Add permission and then select Application permissions.
  Select the User.Read.All option and then select , as shown in the image Microsoft Graph application permissions.
  Image: Microsoft Graph application permissions
- Grant consent for all users in Azure Active Directory. Go to the API permissions for the Tribal Platform application and then select .
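The redirect URI step can be checked after the fact. The following is an added example, not part of the original page or of Tribal's tooling: it builds the URIs from the Configure platforms table and compares them with the redirect URIs on the app registration. It assumes the registration has been exported as JSON in the Microsoft Graph application shape (web.redirectUris); the sample registration is constructed.

```python
# Added example: check an app registration's redirect URIs against the
# Configure platforms table. Sample data below is constructed.
import json

BASE = "https://identity.tribaledge.com"
# Path suffixes from the table; True means "Always required".
SUFFIXES = {
    "connect/callback": True,
    "signin-oidc-ThirdParty": True,
    "signin-oidc-ADFS": False,  # required only when ADFS is used
}


def expected_uris(region, tenantname, uses_adfs=False):
    """Build the redirect URIs the table requires for one tenant."""
    return {
        f"{BASE}/{region}/{tenantname}/{suffix}"
        for suffix, always in SUFFIXES.items()
        if always or uses_adfs
    }


def check_redirect_uris(app, region, tenantname, uses_adfs=False):
    """Return required URIs that are missing and registered URIs not in the table."""
    registered = set((app.get("web") or {}).get("redirectUris") or [])
    expected = expected_uris(region, tenantname, uses_adfs)
    return {
        "missing": sorted(expected - registered),
        "unexpected": sorted(registered - expected),
    }


# Constructed sample shaped like the "web" part of a Graph application object.
SAMPLE_APP = json.loads("""
{
  "displayName": "TribalPlatform",
  "web": {
    "redirectUris": [
      "https://identity.tribaledge.com/APAC/caltech/connect/callback",
      "https://identity.tribaledge.com/APAC/caltech/signin-oidc-thirdparty",
      "http://localhost:5000/signin-oidc"
    ]
  }
}
""")

if __name__ == "__main__":
    print(json.dumps(check_redirect_uris(SAMPLE_APP, "APAC", "caltech"), indent=2))
```

The comparison is exact, so a redirect URI that differs only in the case of its path is reported as both missing and unexpected.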
Create the client secret key in Azure Active Directory
Create the client secret key for the Tribal Platform application. Then, send the client secret key and required identifiers to Tribal using the Tribal Platform tenant and core branding request document to enable the creation of the secure connection between Azure Active Directory and Tribal Platform.
Create the client secret key as follows:
- Download the Tribal Platform tenant and core branding request document. On Tribal Communities, go to Community and then Knowledge base and then Tribal Edge platform knowledge base and then General Information and then Accessing Tribal Edge Tenants (Environments). Then, download the Edge Tenant and Core Branding Request.docx document.
- Copy the application and directory identifiers. On Azure Active Directory, go to Application registrations and then the TribalPlatform application and then the Overview page. Then, copy the Application (client) ID and Directory (tenant) ID identifiers to the Tribal Platform tenant and core branding request document.
  The image Unique identifiers shows the Tenant ID (Directory ID) and Client ID (Application ID) that must be copied to the Tribal Platform tenant and core branding request document.
  Image: Unique identifiers
- Create the client secret key. On Application registrations, go to Certificates & secrets and then select New client secret.
  Define the name of the client secret key, such as TribalPlatform client secret, and select the expiry duration of the key, such as 24 months.
  A new client secret key must be sent to Tribal before the expiry date to prevent service interruption.
- Send the Tribal Platform tenant and core branding request document to Tribal. Do not copy the client secret key to the Tribal Platform tenant and core branding request document; you can add contact details to the document to arrange secure communication of the client secret key to Tribal.
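Because an expired client secret key interrupts the service, it helps to check expiry dates on a schedule. The following is an added example, not part of the original page: it reads the passwordCredentials list of an app registration exported as JSON in the Microsoft Graph application shape and reports secrets that have expired or expire soon. The 60-day warning window and the sample data are assumptions.

```python
# Added example: flag client secrets that expire soon. Sample data is constructed.
from datetime import datetime, timezone


def parse_graph_time(value):
    """Parse a Graph timestamp such as 2026-03-01T00:00:00Z as UTC."""
    # Graph may return up to 7 fractional digits; whole seconds are enough here.
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secrets_needing_action(app, now, lead_days=60):
    """Return (displayName, status, days_left) for expired or soon-to-expire secrets.

    lead_days is an assumed warning window; the page does not state one.
    """
    findings = []
    for cred in app.get("passwordCredentials") or []:
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= lead_days:
            status = "rotate"
        else:
            continue
        findings.append((cred.get("displayName"), status, days_left))
    return findings


def has_replacement(app, now, lead_days=60):
    """True if at least one secret stays valid beyond the warning window."""
    return any(
        (parse_graph_time(c["endDateTime"]) - now).days > lead_days
        for c in app.get("passwordCredentials") or []
    )


# Constructed sample shaped like a Graph application object.
SAMPLE_APP = {
    "displayName": "TribalPlatform",
    "passwordCredentials": [
        {"displayName": "TribalPlatform client secret",
         "endDateTime": "2025-07-15T00:00:00Z"},
        {"displayName": "TribalPlatform client secret (old)",
         "endDateTime": "2025-05-01T00:00:00.0000000Z"},
    ],
}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so the result is repeatable
```

A replacement secret that exists in Entra ID only prevents an interruption once it has also been communicated to Tribal, so treat a "rotate" finding as the prompt to start that exchange.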
Set up groups
By default, Tribal Platform only has the EdgeAdministrator group. Therefore, you must create the EdgeAdministrator group in Entra ID and create the user groups required by your institution. Then, log in to Tribal Platform using an account in the EdgeAdministrator group and add your user groups in Tribal Platform.
To set up groups in Entra ID, you require the following:
- An Entra ID account with administrative permissions to manage users.
- The names of the groups required by your institution. Note that group names must not have spaces.
Attention. For full details on adding app roles and assigning users to app roles, go to Add app roles to your application and receive them in the token.
Set up groups as follows:
- On the Entra admin centre, go to App registrations and then select the application, such as TribalPlatform.
- Add an app role for the Edge administrator group. Select App roles and then add the values required for the group, as described in the table App role for the EdgeAdministrator group.

  App role for the EdgeAdministrator group

  | Field | Description |
  | --- | --- |
  | Display name | Enter the display name for the app role, such as Edge administrators. |
  | Allow member types | Set to Users/Groups so that the app role can be assigned to users. |
  | Value | Enter EdgeAdministrator, without spaces. |
  | Description | Enter a description, such as Edge administrator with full permissions in TribalPlatform. |
  | Do you want to enable this app role? | Select the checkbox to enable the role. |

- Add an app role for each user group. The values required for the group are described in the table App roles for the user groups.

  App roles for the user groups

  | Field | Description |
  | --- | --- |
  | Display name | Enter the display name for the app role, such as Applications supervisors. |
  | Allow member types | Set to Users/Groups so that the app role can be assigned to users. |
  | Value | Enter the name of the group, such as ApplicationsSupervisors, without spaces. |
  | Description | Enter a description, such as Application supervisors for all desks in TribalPlatform. |
  | Do you want to enable this app role? | Select the checkbox to enable the role. |

- Assign users to the group in Entra ID. Go to Application registrations and then TribalPlatform and then Users and groups, and then select Add user.
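The app role tables translate into a few checks that can be run against the app registration once the roles are created. The following is an added example, not part of the original page: it validates the appRoles list of an app registration exported as JSON in the Microsoft Graph application shape. The DeskAgents role, the placeholder GUID and the rest of the sample data are constructed.

```python
# Added example: validate the appRoles of an app registration against the
# two app role tables. Sample data is constructed.
import re

REQUIRED_ROLE = "EdgeAdministrator"  # the only group Tribal Platform has by default


def check_app_roles(app):
    """Return (role value, problem) pairs; an empty list means the roles pass."""
    problems = []
    seen = set()
    for role in app.get("appRoles") or []:
        value = role.get("value") or ""
        if not value:
            problems.append((role.get("displayName"), "no-value"))
            continue
        if re.search(r"\s", value):
            problems.append((value, "whitespace"))
        if not role.get("isEnabled"):
            problems.append((value, "disabled"))
        # "Users/Groups" in the portal is stored as "User" in allowedMemberTypes.
        if "User" not in (role.get("allowedMemberTypes") or []):
            problems.append((value, "not-assignable-to-users"))
        if value in seen:
            problems.append((value, "duplicate"))
        seen.add(value)
    if REQUIRED_ROLE not in seen:
        problems.append((REQUIRED_ROLE, "missing"))
    return problems


def make_role(display, value, enabled=True, members=("User",)):
    """Build one constructed appRoles entry (the id is a placeholder GUID)."""
    return {"id": "00000000-0000-0000-0000-000000000000", "displayName": display,
            "value": value, "isEnabled": enabled, "allowedMemberTypes": list(members)}


# Constructed sample: one valid role, one value with a space, one disabled
# role that can only be assigned to applications.
SAMPLE_APP = {"appRoles": [
    make_role("Edge administrators", "EdgeAdministrator"),
    make_role("Applications supervisors", "Applications Supervisors"),
    make_role("Desk agents", "DeskAgents", enabled=False, members=("Application",)),
]}

if __name__ == "__main__":
    for value, problem in check_app_roles(SAMPLE_APP):
        print(f"{value}: {problem}")
```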