Permissions

Overview

The permissions menu allows you to configure the permissions for the access to the RADIUSaaS web portal.

RADIUSaaS leverages Microsoft Entra ID (Azure AD) as an identity provider for the logon-authentication to the admin portal. It does not store or manage its own administrator identities. The authentication is delegated to the corresponding Microsoft Entra ID (Azure AD) tenant of the provided UPN.

Therefore administrators enjoy the comfort of working with their own Microsoft Entra ID (Azure AD) accounts and do not have to setup additional accounts.

Please enter Microsoft Entra ID (Azure AD) UPNs in the provided fields and separate them with comma and space.

Example:

john.doe@contoso.com, peter.pan@contoso.com, jane.doe@other-aad-tenant.com

The wildcard "*" is also supported, and may be used to allow all users from a certain domain.

Example:

*@contoso.com

Roles

Administrators

Microsoft Entra ID (Azure AD) UPNs entered in this field have permission to access the RADIUSaaS admin portal. Permissions include:

  • See the dashboard and logging

  • See and change users

  • See and change settings including permissions

Viewers

Users can see everything but are not able to make any changes

Users

Users can access the Users portal, where they are able to create Users for them or their guests

Permissions consent

Users who log in to the RADIUSaaS web portal for the first time must grant RADIUSaaS permissions in their Microsoft tenant.

RADIUSaaS requires 2 permissions:

  • View your basic profile

  • Maintain access to data you have given it access to

There are two alternative ways to provide consent:

  • User consent Each user accepts the consent upon first login to the portal.

  • Admin consent An administrator can consent on behalf of the organization for all users.

User consent

If no consent has been given on behalf of the organization before by an admin, a user will see a permission request dialogue. This is a screenshot of the consent request, when logging in the first time:

Users can review or revoke this consent in Microsoft MyApps: https://myapps.microsoft.com

Administrators can review & revoke user consents in the Azure Portal (Enterprise Applications => RADIUSaaS):

Admin consent

Rather than requiring consent from each user, administrators can grant consent for all users on behalf of the organization, when logging in the RADIUSaaS web portal for the first time:

Alternatively administrators can grant the consent on behalf of the organization in the Azure portal (Enterprise Applications => RADIUSaaS). In Azure Portal, administrators can also review or revoke the consent:

PreviousRADIUS ProxiesNextUser Settings

Last updated