Claned has an Azure AD integration for authentication and authorization. In practice, this means that we can integrate with your Azure Active Directory tenant with little configuration and no development. Our AAD integration is a paid extension to your Claned subscription, please contact support@claned.com to get started.
This has two benefits:
- Users can seamlessly log in using their own Office365 accounts
- Admin view gets group information in real time. This is convenient, because this means the you only have to maintain information of who belongs to what group in your own Active Directory, and we'll automatically sync that information to your organization in Claned
Introductory knowledge
To give some intuition of how the integration works, here’s how the data flows.
- A user goes to the Claned login page. They click the “Log in with Office365” option.
- Claned knows the tenant ID of your Claned organization and directs the user to the Microsoft login page.
- The user logs in successfully and is redirected back to Claned.
- At this point, Claned gets the user’s information about their profile and to which AD groups they belong. Claned then knows what groups this user should be in, which directly affects what boards the user sees.
Sharing boards to an AD group
A user with admin rights can share a board to a specific AD group. A board must be shared to any given AD group for the group to appear in the organization admin view. This works similarly to regular board sharing to groups. This can be done by following these instructions:
- Open a board and click "Share"
- Then, select to share to an organization, and share to specific groups
- You will be presented with a search function
- When searching, Claned will look for groups directly from the AD tenant. I.e., this is not information that exists in Claned.
- After a group is selected and shared to, a corresponding group is created in the Claned database and the group is visible in the organization admin view.
- Any changes to the group on the Claned side will not affect AD, but any changes to the group in AD will affect Claned.
Instructions on how to integrate with Claned
Below are steps to take to complete an AD integration. The key thing here is that we need approval for Claned to use the information from your AD. This approval needs be done for a specific tenant ID and by someone who has admin rights for your AD instance. Claned has a built-in feature for the approval, but for it to be usable, we need an AD admin to register for Claned and to configure the correct tenant ID to our backend. Otherwise, Claned doesn’t know where the approval should be requested from or on whose authority.
- Provide us with your AD tenant ID. This should be easily retrievable from your Azure Portal.
- Once we have the tenant ID, we will configure it for your Claned organization.
- Once this is complete, we will invite your AD admin to the Claned organization and ask that they register a Claned account. It’s important that you use the correct Office 365 account here when registering, otherwise the approval won’t be possible.
- After registration, we'll give you admin rights for your Claned organization.
- Then, go to the Advanced-page of the organization admin view and select “Enable AD groups” in the AD Groups section
- You'll see a popup, requesting the correct rights for Claned. Click approve.
- Share a board to a relevant group, and the group (and members) will appear in the organization admin view.
All done!