Skip to content

Azure Security Groups Assignment

Azure AD Security Groups are analogous to Security Groups in on-prem Windows Active Directory. They are Security Principals, which means they can be used to secure objects in Azure AD. They can be created natively in Azure AD, or synced from Windows AD with Azure AD Connect. Their membership can be static, or it can be generated dynamically with rules.

Note- This is an optional step, you can skip this step if you do not want to assign any security groups by clicking on the Save&Next button.

Security Group Assignment Step

Figure 1. Security Group Assignment step

How to create a Rule for assigning Security Groups to users?

Once you are on this step you will see a section under the heading Add user to Security Group. This section represents a rule based on which security groups can be assigned to selected users.

Define Security Group Mapping Rule Form

Figure 2. Define Security Group Mapping Rule Form

Following are the steps to create a rule -

  1. Firstly, you can set up the filters to select the users you want to assign Security groups to. You can create a filter using the following steps -

    • Click on "Choose Attribute" and select employee attribute and operation you want to apply to match that attribute.
    • Next, you get a "Value" field where you type the value you want to match the attribute with and also choose the OU you want to assign.

    Filter example

    Figure 3. Example of a filter

  2. You can add multiple filters using the "AND" and "OR" logic. These logics can be added using the : button present on the right of the value input field.

  3. You can add multiple rows of the above filters using + button inside the box.

You can add or delete more rules with different priority using the Add a rule or delete button respectively.

Add and Collapse Button

Figure 4. 'Add a rule' and 'Delete' buttons.

Adding default security groups to all users

Additional to rule based security groups, all employees will also be assigned with default security groups. Simply search and select the security groups you want to apply to the entire company.

Default Security Groups Box

Figure 5. Default Security Groups Box to add default security groups

Import And Export Mapping Rules

Using this feature, you will be able to import all the mapping rules by uploading a .csv or .xlsx file. Also, you can export all the mapping rules as a .csv/.xlsx file.

Import/Export button to import or export file

Figure 6. "Import/Export Mapping Rules" button.

To Import or Export a file you have to first click on Import/Export Mapping Rules button. Clicking on this button will open a Dialog box containing two tabs, one is for importing and other is for exporting the mapping rules. By default if the form is valid you will be redirected to Export tab otherwise the Export tab will remain disabled and you will be redirected to the Import tab.

Importing mapping rules

Steps for importing file:

  1. Choose Import tab from the dialog box.

    Dialog to import file

    Figure 7. Dialog Box For Importing .xlsx or .csv File

  2. Now Click on Choose File button to choose the file you want to import. Clicking on button will open file directory from which you can select .csv or .xlsx file.

    Choose file button to import

    Figure 8. "Choose File" button for choosing file to be imported.

    Widow Directory to choose file to import

    Figure 9. Windows Tab for choosing .xlsx or .csv File.

  3. After doing first 3 steps please wait while your file gets imported and rules get created.

Note - There is the specific format to import file. You can get the format by exporting some mapping rules.

Exporting mapping rules

Steps for exporting file:

  1. Choose Export tab from a dialog box.

    Choose Export Tab

    Figure 10. Dialog Box for Exporting File.

    Choose File Format

    Figure 11. File Formats To Export.

  2. Now Select the file format from the dropdown and click on Export button. Once clicked your file will get exported in the selected format and the name of the file will be Hire2Retire_SG_Mapping_(TimeStamp).

    Export Button

    Figure 12. "Export" button.

AI Insights for Azure Security Group Memberships

With RoboMQ’s new AI model, rule sets for Azure SGs can be seamlessly generated. Click the icon adjacent to 'Security Group Memberships' in the workflow, and fill out the form for more details. Upon submission, RoboMQ’s AI team will engage with you, craft rule sets, and deliver you as a CSV file.

AI button for Azure security groups

Figure 13. "AI" button.