Documentation

# Non Global Admin to reach /portal

The Epona365 Office (*.ep-web Container) /portal page is used to change the Epona365 Office configuration, these settings can only be reached by users who are a member of the Global Administrator group in Microsoft 365. This requirement is sometimes difficult to meet in organisations where Application Managers do not have the Global Administrator role. Epona365 Office 25.1 versions after April 2025 have been updated to support a new setting that allows you to define which EntraID group should be designated as the administrators group. It is possible to configure the "Epona365 API" EntraID app to include only a specific group in the bearer tokens. The steps below outline the procedure to create an Active Directory group with members that you allow to have access to /portal and /setup:

  • Open the Azure Portal https://portal.azure.com (opens new window)

  • Navigate to EntraID, Groups

  • Create a new EntraID group (like "EponaDMSAdmins") or select an existing one EntraDMSAdminsADgroup

  • Copy the group ObjectID for later use CopyObjectID

  • Navigate to Members and add the right member(s) to this group

  • Navigate to EntraID, Application registrations, Select Epona365.api SelectEpona365API

  • Select Manifest SelectEpona365APIManifest

  • Edit the manifest and set groupMembershipClaims to ApplicationGroup groupMembershipClaimsDirectoryRole groupMembershipClaimsApplicationGroup

  • Click Save to save the changes in the Manifest file

  • Navigate to EntraID, Enterprise Applications

Warning: Check if you have selected Enterprise Applications, not the Application Registrations. Ensure that the default filter on Enterprise Applications is off

CheckEnterpriseApplications

  • Select Epona365 api

  • Select Manage, Users and groups ManageUsersAndGroups

  • Select Add user/group

  • Add the group that contains the EponaDMSAdmins from the first step AddUsersAndGroups

  • Navigate to the Epona365OfficeRG resource group, select the container app prefix-ep-web, Create a new Revision with a new environment variable

CreateNewRevision

  • Select api SelectContainerRevisionAPI

  • Choose Environment variables

SelectEnvironmentVariables

  • Click + Add to add a new environment variable if the AdministratorGroups_0 is not yet defined SelectEnvironmentVariables

  • Add the AdministratorGroups_0 Environment variable

  • Name: AdministratorGroups__0

  • Source: Manual entry

  • Value: the object id from the first step

EnterEnvironmentVariables

  • Select Docker Hub or other registries in the Properties tab to be able to click Save SelectDockeyHub

  • Click Create to create a new revision with the new Environment variable

CreateRevision

# Confirmation /Portal configuration options are now available

How to check if the Global Admin change to an AD Group was succesfull? Previously the user visiting /portal would only be able to choose from the available DMS Configuration list subfolders NotEnterpriseAdminRoleHenceNoPortal

After the change the /portal Configurable settings are now available PortalAccessThroughGroup

Last Updated: 9/1/2025, 8:05:16 AM