Setting Up Roles

Roles are utilised within Sensium Connect+ to align with the requirements of Microsoft Entra SSO. The roles allow providing permission to View, Edit, and send Commands to different Fleets, as well as other permissions. For each role created in Microsoft Entra, it needs to be created in Sensium Connect+.

Before creating additional roles beyond the initial “admin” role in your Microsoft Entra App for Sensium Connect+. Please meet with your fleet managers, and a Sensium OnBoarding Specialist. The creation of roles, requires fleets to be appropriately created, and available for permissions to be set under each role. The creation of fleets should be a well planned excercise to make sure that the correct user permissions can be created, that the correct services can be applied to the correct Assets, and that billing is performed correctly. Roles, Fleets, and Billing all effect each other.

Roles must be mirrored by value in both Microsoft Entra, and Sensium Connect+ for your account.

Any role that is created, and applied to a user in Microsoft Entra MUST exist in Sensium Connect+. The “Role ID” in Sensium Connect+ and the “Role Value” in Microsoft Entra should have a 1 to 1 relationship. That is, each role ID in Sensium Connect+ needs to be unique within your Sensium Connect+ account, and each Role Value in Microsoft Entra needs to be unique within the App Roles to Sensium Connect+

Creating Roles In Microsoft Entra

From Microsoft Entra;

  1. Select App Registrations on the left hand side menu.

  2. Select “All Applications”

  3. Find and select the application based on the name provided in the step “Create the Entra Application”

  4. Select “App Roles”

  5. Click “Create App Role”

  6. Provide the role with a Display Name.

  7. Select “Users/Groups” in the “Allowed Member Types”

  8. Provide a unique value. This value can’t have spaces. Typical Microsoft ways of create a value is “highlevelfunction.property” for example, if this were to provide access to a specific fleet, or group of fleets, it might be something like “fleet.fleetname” or “pool.auckland” for the pool fleets in Auckland.

  9. Provide a usable description, The description and Display Name are for your own internal usages.

  10. Select "Apply"

At a minimum, please create a role with the role value of “admin”.

Creating Roles In Sensium Connect+

Before you can complete this part, you will need to have applied the role “Admin” to your user account that will be logging into Sensium Connect+ to create roles.

  1. Login to Sensium Connect+ by clicking on “Sensium Connect+” on the following link: https://www.sensium.com.au/connect

  2. Enter your email address for your organisation that you login to your Microsoft services with and click Continue.

  3. You should be redirected to your Microsoft account login screen. Select the same account, and login to it using your Microsoft details.

  4. Upon successful login with the required roles applied, you will be redirected to Sensium Connect+ home screen.

  5. In the left menu select “Roles”

  6. In the top right hand corner select “Add Role”

  7. Provide the role with a name, the name is Alphanumeric and can contain spaces. It is best to align the Role Name with the “Display name” you enter when creating a Role in Microsoft Entra.

  8. Provide a Role ID. The Role ID MUST match the “Value” you created for your role. If the Role ID doesn’t match a “Value” in a role in Microsoft Entra, it can’t be applied to any users.

  9. Select the tick box “Admin” if this role should apply the admin value to the users it applies to. It is typically best to leave the “Admin” role to be applied purely from the “Admin” role on its own.

  10. Add any phone numbers that should be receiving SMS for alerts.

  11. Add any Email Addresses that should be receiving the alerts, and reports that are assigned to this role. Typically, a distribution email address for a group in your Microsoft Entra system is best to be applied rather than individual user emails.

  12. Set the TimeZone for where the Role is primarily based.

  13. Click “Create Role”

  14. Select “Manage Fleets”. You will now be presented with a list of the fleets that exist for your account. To apply a fleet permission to this role, you must first tick the “Select” box beside the fleet, and then select the “Read”, “Write”, and “Execute”. Read will allow a user to see the vehicles and view them on the map. “Write” enables the the user to update the Assets, such as change their name, update the odometer, and move them to other fleets. If a user has “Write” permission, it is recommended to give them “Read” permission. “Execute” is for vehicles that utilise Sensium’s Mobility functions, such as Lock, Unlock, and Disable features. If a user has these permissions, and your fleet is configured and wired for Sensium Mobility, this permission will allow the user to remotely Lock, Unlock, Enable, and Disable the vehicle from the Status page.

  15. Click Save Changes.

Once all roles created in Microsoft Entra have been created in Sensium Connect+, you can then move to “Applying Roles to Users”.

PreviousSSO Integration within Entra ApplicationNextApplying Roles To Users and User Groups

Last updated