EUM Group Management for Internal (Staff) Users - EUM 4.1

Note: This article is for EUM 4.1

Problem: Internal Users cannot manage groups view the EUM SPFx Webpart in SharePoint

Solution: EUM 4.1 does not support the management of internal users within the UI, and therefore we need to create underlying Azure AD Security Groups to setup this sort of access. By creating an AAD group and assigning it as an owner of the EUM group, the internal user is then able to login to SharePoint site and the webpart shows the users within and gives them the ability to add, edit and remove users from that role.

1. Login to EUM Landing Admin with EUM Admin account Click Add Group - Fill in the Group Name and Display Name with a name that includes Owners (so you know that is the purpose of the role). This will create an Azure Active Directory Security Group with the same name
2. Login to https://portal.azure.com/ with an Admin account and navigate to Azure Active Directory > Groups and search for the Group created above
3. Click into the group and copy the Object Id of the Security Group (Below is a sample group)
   
4. Return back to your EUM Landing Admin Window and search for the group you're looking to assign the Security Groups ownership to. Scroll to the Owners section of the Group Details page. Click + Add Owner. Input the following settings pasting in your object id copied in the step above. Click OK and you'll see a new entry in the Owners table within the Group Details page.
   
5. Return to Azure Active Directory and Add the internal user to the Owners Security Group as a member. EUM will then capture this new claim and when the internal user is logged into EUM Landing Admin, they will only see Group Owner privilages, instead of all application settings and or if they login to the SharePoint site, they should have group owner permissions within the SPFx webpart.