Skip to main content

New workflow cluster management for existing groups

Documentation for handling the Azure AD related groups in the Azure portal for ensuring CMD portal access and access to workflow clusters to users and in the CMD portal.

The steps to create a new group/rename

  1. Step 1 - CREATE ROLE

    1. Go to http://portal.azure.com and open the App registration of the respective environment.

    2. In the app roles create a new role

  2. Step 2 - CREATE GROUP

    1. Now go to Groups and create a new group if it's not already present

    2. Assign the owner and member to new group based on other groups

    3. After creating the group bulk upload the members. If you have a requirement for renaming then export members from the old group and import to the new one.

  3. Step 3 - ASSIGN THE GROUP YOU CREATED WITH THE ROLE YOU CREATED

    1. Now Go to Enterprise Applications and search for ModernCMDPortalSIT as an example env. Then go to users and groups, search whether the group is already added, and if not then click on the + Add user/group button and link the new group you created in Step 2 with the role you created in Step 1.

The result would be that the users in the group when they will log in to the CMD portal will get the role value, and will be able to access the workflows specific to that cluster group name.

For your reference example requirement - CMD1-5096 -Area code changes In Progress

Here the area codes need to be renamed to new names. It is a breaking change - i.e. renaming any group is not straightforward.

Please note - You also need to change the Access Center config and add the new role and give all the same permission that were present in the old role to new role, so as to give the new users access to the same screens in the CMD portal in each of the env.

Current problem or important things to note in this approach

  • The new users if added only to the new role in Azure AD then they will not be able to see the old workflows unless they are added also to the old group. Example- new users needs to be added to both CMD_AEC and CMD_UAE so that they will be able to see the older workflows.
  • This is a rare change and there is no straightforward way for migration of workflows to new group name. So thats why we are keeping both the group names.
  • Once the workflows are older and no longer required by ADs, then they can refer the workflow report. At that time the older groups from Azure AD can be deleted.
Was this page helpful?