Provide EUM Administrator Access to a user

To support you more effectively, we would request you to give us membership of the EUM Administrator group. The EUM Administrator Group in turn would have Owner Access to the EUM Configuration site, and we would request you to give it a Reader, Contributor, or Owner access to the EUM Resource Group within your Azure Portal.

The process would involve

• In Azure Active Directory – Add Cross-Tenant access settings for Envision IT Organization
• In Azure Resources – Permissions for EUM Administrators
• In EUM - Invite Envision IT Staff into your tenant
• In EUM - Give us membership to EUM Administrator Group

In Azure Active Directory – Add Cross-Tenant access settings for Envision IT Organization

We recommend that our clients invite our Staff into their tenant instead of creating separate accounts within their tenant and/or sharing credentials. In order to accomplish this in a secure and effective way, we suggest that clients configure B2B collaboration cross-tenant access with our organization.

Follow these steps to configure customized settings for specific organizations.

1. Sign in to the Azure portal using a Global administrator or Security administrator account. Then open the Azure Active Directory service.​
2. Select External Identities, and then select Cross-tenant access settings.​
3. Select Organizational settings.​
4. Select Add organization.​
5. On the Add organization pane, type the full domain name (envisionit.com) for the organization​
6. Select the Envision IT in the search results, and then select Add.
   
7. The Envision IT appears in the Organizational settings list. At this point, all access settings for this organization are inherited from your default settings. To change the settings for this organization, select the Inherited from default link under the Inbound access.
   

8. In the Inbound access settings, ​

   1. Select Trust settings ​

   2. Select Customize settings radio button​

   3. Ensure that Trust multifactor authentication from Azure AD tenants checkbox is checked.​

   4. Click Save ​

   5. Inbound access text should now change to Configured​
      

In Azure Resources – Permissions for EUM Administrators

We request permission of role Global Reader be assigned to the EUM Administrator group at the Tenant level. ​

• This will allow Envision IT Support and Customer Success teams to review Azure AD configurations as well as App Registrations​
• This will require that the EUM Administrator group be re-created with the isAssignableToRole property set to true.​
  

Request permission to assign one of the following roles to the EUM Administrator group at the EUM Resource group access control level. ​

• This will allow Envision IT Support and Customer Success teams the ability to review configuration and perform health checks​
  

In EUM - Invite Envision IT Staff into your tenant

• Login to EUM Admin site using Global Admin or EUM Manager credentials
• Click "Add New User" in the left hand Menu
  
• Fill in First Name, Last Name, and Email address of the user provided to you by Envision IT
• Display Name would automatically be generated
• Click Save
  

In EUM - Give us membership to EUM Administrator Group

You can provide EUM Administrator access so a user by the following steps:

• Login to EUM Admin site using Global Admin or EUM Manager credentials
• Click "Search Groups" in left hand Menu, and lookout for "EUM Administrator" group
• Click the "EUM Administrator" group to access the Group Details page
• Go to the Users tab in the Group Details page
• Click the + button within the "Group Members" section
• This will open a User Search Window. Search for the user you want to give EUM Administrator access, and add the user as a member to the Group
• The user would be seen added to the EUM Administrator group as a Member