Groups are the standard way to manage large sets of users, for example when a whole department needs to have access to a library. Groups greatly simplify the management of permissions, especially when users join or leave groups, as there is no need to update each set of permissions separately.
You can integrate Google groups and Microsoft groups in AODocs.
Learn more: Manage permissions with Google groups
Note: AODocs Content Services licenses are required to invite Microsoft users to collaborate on your AODocs domain. You must request activation of the feature. Contact our sales team at sales@aodocs.com to learn more.
This article describes how to manage permissions with Microsoft groups in AODocs.
Automatically generated table of contents
In which AODocs libraries can you use Microsoft groups?
You can use Microsoft groups only in Document Management libraries using Google Cloud Storage or Azure Blob storage. Learn more: Where is my content stored?
Note: We don't recommend using Microsoft groups in any other type of library or in libraries using Google Drive. However, you can add Microsoft users to Google groups. Learn more: Which users can be included in Google groups?
Which types of Microsoft group can be used in AODocs?
AODocs accepts the following types of Microsoft group on your Microsoft tenants:
- Microsoft 365 Groups: these groups have an email address; they don’t support nested groups
- Security groups: these groups don’t have an email address, instead they have an ID; they support nested groups
- Mail-enabled security groups: these groups have an email address and support nested groups
Note: AODocs supports nested groups, so if you select a security group or a mail-enabled security group with nested groups, AODocs can retrieve the users in nested groups as well as the top-level group.
Learn more from the Microsoft documentation about the different types of Microsoft group.
Important: AODocs doesn't support any other types of Microsoft group. If you enter the email address of a Microsoft group that AODos doesn't support, AODocs considers it as a single user. When you save, there’s no error message, but the permissions are not propagated to the users in the group. We recommend always using autosuggest to ensure you don't enter an unsupported group.
AODocs can connect several Azure Active Directories on one AODocs domain. This is useful if you work in an organization with several Azure Active Directories.
The list of groups on your tenant (or tenants) is refreshed every 6 hours. The list of the members of the groups is refreshed once a day.
Note: This is the exactly the same refresh rate as for Google groups.
Learn more: Limitations with Microsoft groups in AODocs.
Which features allow permissions to be set with Microsoft groups?
AODocs autocompletes the names of Microsoft groups and recovers the email addresses in the groups for the following features:
- document permissions
- library roles
- library permissions in Document Management libraries
- document class permissions
- workflow state permissions
- values of Person properties
- email notifications (only Microsoft 365 Groups and Mail-enabled security groups)
- data validation on custom Person properties
Note: You can enter the email address of a Microsoft group in a Person property when the Multiple values option is selected for a property. Learn more: Create custom properties.
Limitations with Microsoft groups in AODocs
The following limitations currently apply to Microsoft Groups in AODocs:
-
You can't use Microsoft groups for the feature access to AODocs for external users.
- Aliases aren’t supported.
- When you add a new Microsoft group (Microsoft 365 Group, security group, or mail-enabled security group) in your Azure Active Directory, it is not immediately available in AODocs. You must wait for the groups to be refreshed in AODocs before you can start using it (at most 6 hours).
- When you add a group in AODocs, a dialog appears when you hover over the group name. Normally the dialog displays the email address of the group. If you added a security group, which doesn't have an email address, the dialog displays the group ID as if it were email address. This is meaningless and should be ignored.
- It isn't possible to propagate permissions to guests in a Microsoft group. The guests are ignored and there's no error message.