What will be the possible ways?
What will be the best way to do it?
Hi Raj Sharma,
https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/end_users/end_users_authentication/configure_azure_ad_authentication/?_gl=1*tq3gsq*_ga*MTc1NTIyNDYwNC4xNjc1MDY4NTQ5*_ga_ZD4DTMHWR2*MTY4MDc1NjIzMC4xODMuMS4xNjgwNzU4NzUwLjU0LjAuMA..
Please check this link and follow "Configure user roles in the Users app".
Thanks,
Ramesh
Thanks for sharing this link. It is clear that the AD group will be created in the User app and then we need to assign roles to that group.
But is there any other way?
Hi @Raj Sharma
To check the user's role after authentication, you can use one of the following methods:
Use Azure AD groups: You can assign users to Azure AD groups based on their roles (agent, verifier, manager) and configure your OutSystems application to check the user's group membership after authentication. This way, you can manage roles centrally in Azure AD and avoid duplicating roles in your application.
Use claims: You can configure Azure AD to include user roles as claims in the SAML token that is sent to your OutSystems application. Your application can then extract the roles from the token and use them to determine the user's permissions.
Call Azure AD Graph API: After authentication, you can make an API call to the Azure AD Graph API to retrieve the user's roles. This requires additional development effort and configuration, but it provides more flexibility in managing roles and permissions.
The best way to implement role-based authorization depends on your specific requirements and constraints. If you already have Azure AD groups defined for your roles, using groups may be the easiest and most efficient solution. If you need more flexibility in managing roles, using claims or calling the Graph API may be more appropriate. It is recommended to evaluate each option based on factors such as security, scalability, maintenance, and development effort.
Another way to check the user's role after authentication is to use OutSystems' built-in user management functionality. OutSystems allows you to define roles and permissions at the application level and associate them with individual users or groups of users. You can then use the built-in functions and expressions to check the user's role and permissions in your application logic.
To implement this approach, you would need to create roles and permissions in your OutSystems application that correspond to the roles defined in Azure AD (e.g., agent, verifier, manager). You can then associate each user in your OutSystems application with the appropriate role based on their Azure AD group membership or claims.
Once the user is authenticated and their role is determined, you can use the built-in functions and expressions to check their permissions and control access to application functionality accordingly. For example, you can use the CheckRole or HasRole function to check if the user has a specific role, or use the CheckPermission or HasPermission function to check if the user has a specific permission.
Overall, the best approach depends on your specific requirements and constraints, as well as your existing application architecture and user management practices. It is recommended to evaluate each option carefully and choose the one that best meets your needs.
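The groups and claims options discussed in this thread, as an added Python sketch that is not part of any post and is not OutSystems code: it maps the role and groups attributes of a SAML assertion to the agent, verifier and manager roles, denies by default, and flags the case where Azure AD omits the groups claim and sends a groups.link claim instead for users in many groups. The claim URIs are Azure AD's standard names; the group GUIDs, mapping table and function names are hypothetical, and the assertion is assumed to have been signature-verified by the SAML library before this code sees it.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"
# Hypothetical mapping: Azure AD group object IDs (constructed GUIDs) -> app roles.
GROUP_TO_ROLE = {
    "00000000-0000-0000-0000-00000000a001": "agent",
    "00000000-0000-0000-0000-00000000a002": "verifier",
    "00000000-0000-0000-0000-00000000a003": "manager",
}
KNOWN_ROLES = set(GROUP_TO_ROLE.values())

class GroupOverage(Exception):
    """Groups were left out of the token; resolve membership server-side instead."""

def claim_values(assertion_xml):
    """Return {attribute name: [values]} from an already signature-verified assertion."""
    claims = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def roles_from_assertion(assertion_xml):
    """Map role and group claims to application roles; unknown values are ignored."""
    claims = claim_values(assertion_xml)
    if GROUPS_LINK in claims and GROUPS_CLAIM not in claims:
        raise GroupOverage("groups claim replaced by a link; do not treat as 'no groups'")
    roles = set(claims.get(ROLE_CLAIM, [])) & KNOWN_ROLES
    groups = (g.lower() for g in claims.get(GROUPS_CLAIM, []))
    return roles | {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}

def is_allowed(roles, required):
    """Deny by default: grant only a known role that the token actually carried."""
    return required in KNOWN_ROLES and required in roles

def sample_assertion(claims):
    """Build a constructed, unsigned assertion so the functions above can be exercised."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in claims.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{attrs}</saml:AttributeStatement></saml:Assertion>")
```

Role values the application does not define, such as an unexpected "admin" claim, never become permissions, and a `GroupOverage` should trigger a server-side membership lookup rather than a login with zero roles.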