If you want to be able to give external (guest) users the ability to create Atlas workspaces from ConneX you will first need to complete the following steps to configure the users as Members instead of Guests in Azure AD.
In this article:
- Default configuration
- Upgrade an External user to a Member
- Add the external users to ConneX AD groups
- Troubleshooting
Default configuration
By default, an external user will be classified as a Guest in Azure AD, and as a result will not be able to create workspaces in ConneX unless they are upgraded from Guest to Member.
They can be added to the ConneX permissions groups causing the New Workspace button to appear, but will still not have sufficient permissions in the back-end to successfully create a workspace. In this situation users will receive this message in the first step of workspace creation (when specifying the Title):
Response status code does not indicate success: 403 (Forbidden)
To resolve this you need to follow the steps in the next section for each affected external user.
Upgrade an External user to a Member
To upgrade an external user to a Member you'll need permissions to manage Azure AD on your tenant.
- Go to the Azure AD portal at https://aad.portal.azure.com/ and ensure you are logged in with an account that can manage Azure AD
- Click Users on the left-hand side:
- You'll now see the list of all users. The easiest ways to find guest users will be by name (if you already have the list of names) or by clicking Add filters above the list, then choosing User type and then Guest to show only guests in the list:
- Once you identify the user you need to upgrade, click on their name to open their profile, then click Edit at the top of the screen:
- In edit mode, scroll down to the User type field under the Identity section and change it to Member:
- Click Save at the top of the page:
Add the external users to ConneX AD groups
Now that the external user(s) have been upgraded to Members they can be added to the relevant ConneX AD groups for the roles they need to perform.
Please see a reference in the following article for the ConneX AD groups so you can add users to the right group for their role: What different types of Workspace are available in ConneX? – Atlas by ClearPeople (zendesk.com)
Members can be added to these groups via Azure AD where you completed the previous steps, or via the Groups section of the M365 Admin Centre.
Troubleshooting
If you have completed the user upgrade from Guest to Member and they are still having problems, there are a couple of things to try.
If the user was added to a ConneX AD group or accessed ConneX before you upgraded them, you may need to:
- Ask them to sign out and back in to M365 for their access tokens to be updated,
- Try to remove them from the ConneX AD group(s) and then add them back in again.
It is also possible that the user may now need an M365 license as they are no longer a guest.
If you're still having problems please contact your CSM or support team.
Comments
0 comments
Please sign in to leave a comment.