Summary


It is highly advisable (while not always absolutely critical) to first run Cloud Drive Mapper as a Global Administrator.


From Cloud Drive Mapper v.2.2.3.18 onwards, IAM Cloud has introduced a new authentication flow in line with Microsoft best practices. This means that during the first run of Cloud Drive Mapper, an application is installed into AAD (Azure Active Directory) Enterprise Applications.


Registering the application with your Azure Active Directory puts the security controls over what applications can access in your hands. IAM Cloud only has basic level permissions and does not have any more access than is absolutely necessary. Registration with Azure AD allows Cloud Drive Mapper to access the information using delegated authentication from the user, meaning your application always stays secure, preserving any conditional access and MFA you may have configured within Azure or any other Identity Provider.


Until a Global Administrator runs Cloud Drive Mapper, Admin Delegated rights will not be authorised, and each subsequent user will be prompted once for permissions (see below).


Should Cloud Drive Mapper be first run by a Global Administrator, it will ask the admin to delegate rights (for the Azure app) for the whole organisation. This means each subsequent user will NOT be prompted for application permission rights and will instead follow a simple log-on process.

IMPORTANT: To make the TRIAL process simpler and more streamlined, we have disabled this process by default (it can be enabled manually).

IMPORTANT: By default ALL CLOUD DRIVE MAPPER CUSTOMERS have this permission check enabled (in versions 2.3 and above). If you have neither Global Admin rights nor the ability to get your organisation's Global Admin to complete this process for you, please read this article.

IMPORTANT: If you are a NEWLY PURCHASING CUSTOMER, we strongly recommend you go through this process before deploying the application to your users. 


Granting Permissions to Cloud Drive Mapper


Step 1 - Signing into Cloud Drive Mapper

Start Cloud Drive Mapper and authenticate where prompted. You should now see a dialogue screen as per the images below:



NON Global Administrator initial logon


This dialogue is permission related for the individual user.



N.B. If a user is met with the following screen, then application settings have been blocked by the Administration team and their help is required.

This article may help.

https://blogs.msdn.microsoft.com/aaddevsup/2018/05/08/receiving-aadsts90094-the-grant-requires-admin-permission





Global Administrator initial logon


Note the extra "Consent on behalf of your organisation".




As a global administrator you will be asked to Accept Delegation permissions for the whole organisation, meaning subsequent users will receive a cleaner logon flow and will not be further prompted for grant access rights.

To continue this flow, see Step 3.



Step 2 - Azure Admin Consent Screen


Once the initial logon is done, a screen such as the one shown below will appear. This should show success and can be closed.



Step 3 - Azure Enterprise Applications 

As a Global Administrator you should now be able to navigate to the following location:

Azure Active Directory Admin Center > Dashboard > Enterprise Applications


You should now be able to see the installed Cloud Drive Mapper (V2) application




Once here, click on the application and then click Permissions.


You should now see the delegated permissions as per the image below.


(However, if a NON Global Administrator was the first person to use CDM, then these permissions will not be populated and each subsequent user will be asked to consent. To avoid this, a Global Admin can use the "Grant admin consent" button to populate the permissions seen below. This will then stop users from seeing a consent prompt.)
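
The same check can be made outside the portal. The following Python script is an added example, not IAM Cloud's code: given the delegated grants exported from Microsoft Graph's oauth2PermissionGrants collection, it reports whether a tenant-wide admin grant exists for the application or whether only individual users have consented. The IDs and scope names in the sample are constructed placeholders, not the permissions Cloud Drive Mapper actually requests.

```python
import json

# Constructed sample shaped like a Microsoft Graph /oauth2PermissionGrants response.
# All IDs and scope names are placeholders, not Cloud Drive Mapper's real values.
SAMPLE = json.loads("""
{"value": [
  {"clientId": "sp-cdm", "consentType": "Principal", "principalId": "user-a",
   "resourceId": "sp-graph", "scope": "User.Read Files.ReadWrite.All"},
  {"clientId": "sp-cdm", "consentType": "Principal", "principalId": "user-b",
   "resourceId": "sp-graph", "scope": " User.Read"},
  {"clientId": "sp-other", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-graph", "scope": "User.Read"}
]}
""")


def consent_state(grants, client_id):
    """Summarise delegated grants held by one service principal (client_id)."""
    tenant_wide, per_user = {}, {}
    for g in grants:
        if g.get("clientId") != client_id:
            continue  # grant belongs to a different enterprise application
        scopes = set((g.get("scope") or "").split())
        res = g.get("resourceId")
        if g.get("consentType") == "AllPrincipals":    # admin consent, whole tenant
            tenant_wide.setdefault(res, set()).update(scopes)
        elif g.get("consentType") == "Principal":      # one user's own consent
            user = per_user.setdefault(g.get("principalId"), {})
            user.setdefault(res, set()).update(scopes)
    # Scopes a user consented to that no tenant-wide grant covers.
    uncovered = {}
    for user, by_res in per_user.items():
        extra = {r: sorted(s - tenant_wide.get(r, set())) for r, s in by_res.items()}
        extra = {r: s for r, s in extra.items() if s}
        if extra:
            uncovered[user] = extra
    return {
        "admin_consented": bool(tenant_wide),
        "tenant_wide": {r: sorted(s) for r, s in tenant_wide.items()},
        "users_with_individual_consent": sorted(per_user),
        "uncovered_user_scopes": uncovered,
    }


if __name__ == "__main__":
    print(json.dumps(consent_state(SAMPLE["value"], "sp-cdm"), indent=2))
```

An empty "tenant_wide" result with a non-empty user list corresponds to the case where a non-admin ran the application first and "Grant admin consent" has not yet been used.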





If at any time you need any assistance, please contact our support desk, who will be happy to help.


IAM Cloud's Technical Support Team. 

Support Portal: http://support.iamcloud.com

Email us: support@iamcloud.com

Phone (UK): +44 118 324 0000

Phone (US): +1 914 495 1298


For any feedback on this article, please contact customersuccess@iamcloud.com