Overview
Request Access Workflow allows you to configure the Request Access option on the CAM UI. This enables you to access any MS Team with or without approval based on your configuration.
Prerequisites
You need to assign a Role to view the Request Access option on the CAM web UI. For more information on Configuring Permissions in CAM, click here.
You need to assign a Role to access the Team Request Access option on the CAM Team App. For more information on Configuring Permissions in CAM, click here.
Configure-Request Workflow for MS Teams
Navigate to Administration.
Click Request Workflow Configuration. The following screen opens where you can customize the following operations:
View the added dialog list.
Configuring Request Workflow.
Configuring Request Workflow in Desksite.
Add New Dialog for MS Teams
Allows you to configure a new dialog.
Click New Dialog. The following screen opens:
Field | Description |
---|---|
Dialog Name | Enter the name for the workspace dialog. Note: The label that is displayed at the top of the dialog. |
Set as Default | Select Yes to set the workspace dialog configuration as the default configuration based on Action Type to be applied to all workspaces. E.g. User can set a default dialog for Create Workspace and another default dialog for Create Team action type and so on. |
System | Select the external system as Office365 from the list to use for this dialog. |
Action Type | Select the type as Request Access of the wizard from the dropdown. |
Click Next to create the new dialog
Note: User can customize the dialog details in the provided accordion. For more information on Customizing the dialog accordions see Configure Request Workflow Customizing-the-dialog-accordions
Important: To create MS Team workspace through Request Access, you need to configure the Office365TeamIdCollection unique metadata.
The Office365TeamIdCollection will also be used in a workflow for Deny Access.
Configuring Unique Metadata
This allows you to add unique metadata to the workspace dialog created here. This metadata is displayed in the selected panel.
In the Add Unique Metadata panel, click the Add New button in the far-right column to assign unique metadata to the panel. In the screen that opens, fill in the following fields:
Fields | Description |
---|---|
Metadata | Select the Metadata value from the dropdown list for the operation you want.
|
Default Value | Enter the default value to be assigned to the metadata value. |
Is Hidden | Select the Hidden status value. |
Is Read Only | Select the read only value. |
Display Label | Enter a display name for the metadata. Make this as specific as needed to differentiate between similar metadata names that may exist. |
Help Text | Enter help text to be displayed as a tool-tip on the custom field. |
Type | Select the type of metadata from the drop-down. Options include:
|
Look Up | By default Look up value is No for selected metadata value. |
Order | Set the order of the metadata to be displayed on the panel. |
Panel | Select the panel for the metadata to be displayed. Based on the selection here the fields will be displayed in the panel. |
Editable | Select Yes to allow the metadata value to be edited in the workspace dialog. |
Lock Existing Values | This option doesn't allow users to create a new workspace using previously added values of specific metadata, locking the existing metadata. When a new Unique Metadata field in Configure Wizard is added, the option to Lock Existing Values displays. If Lock Existing Values is selected as Yes, Create a new value option should be automatically selected as Yes. The option No should be disabled. Also, the Default Value option is disabled. If the Metadata with Lock Existing Values option is 'No', then users can only add values to Metadata by clicking the '+' button. After the user enters values for that Metadata, there is a validation to check if that value already exists. If the value already exists, the user should not be able to save that value. E.g. Lock existing set to yes and is parent set to yes, means the unique metadata field matter will not allow inputting duplicate matters if any parent matters exist. If no for parent, and yes for lock, then if the metadata exists in entire system, then the value can't be added. |
Click Save to add unique metadata or click Cancel to close the dialog
Tip: The below table shows the metadata to be used for different operations. When configuring your request workflow, select the one that matches your desired operation.
Metadata | Operation |
---|---|
Office365Team | Used to rename an existing team with a request workflow. |
Office365Group | Used to create a workspace with a request workflow. |
Office365TeamIdCollection | Used to request/remove access with a request workflow. |
Viewing Request Access on CAM UI
After the request workflow is configured, launch the request workflow to access an option Request Access in the configured external system.
Click the plus sign on the top-right corner of the screen.
Click on Request Access.
Note: The workspace drop-down dialog is displayed, if there are more than one workspace dialog configured in the workspace wizard configuration.
Note:
The Office365TeamIdCollection Metadata dropdown auto populates according to the Client-Matter selected.
The Teams dropdown auto populates according to Client-Matter selected.
If there is only one Team available the dropdown will be auto populated.
For multiple Teams, the dropdown will show the teams that are linked to the Client-Matter, and when selected, it will populate the Office365TeamIdCollection according to those teams.
Removing Access from a Team
The "Office365TeamIdCollection" metadata allows for better management of a user in a team. For example, if the metadata flag is set to true, then the logged-in user’s teams that he/she is a member of will display in the lookups in Request Workflow.
A check has been added so that if the user is in the CAM Admin role, they can see all Teams. This will allow CAM Admins to remove users from Teams where they are not members.
The wizard will present the list of team members in the Security panel, based on the team selected from the drop-down list, whether the user is an external user or not.
A request can go for approval to designated approvers if that is configured in the workflow, or simply submit the job into CAM if the user does not require approval.
There is an option to Add/Remove users with admin roles as: Yes/No
If the users are accidentally removed, then you can add them back to the team
To remove access:
Add the Office365TeamIdCollection metadata on the configuration of the request workflow for the Remove access wizard.
When the user adds the Office365TeamIdCollection, it will show the Teams based on the client and matter (Client and Matter is a required field to view any team).
The user is part of that team or should be a user with permission (allowed Workspace Search As Admin) to view the team.
If Workspace Search As Admin is allowed, you can view any team even if you are not part of that team.
If Workspace Search As Admin is Deny but you are part of that team, you are still able to see that team.
On the Remove access wizard, when the user selects the Team from the lookup, on the Next dialog the team members will be present in the Security panel.
If we have approvers in the wizard for the request workflow (workspace), the request needs to be approved by the approver(s). If we don’t have approvers in the wizard, the request workflow (workspace) will proceed.
Note: Keep the following in mind:
You will not be able to remove all admin users: at least 1 admin user is required in the team.
When you try to remove the last admin member from the list, a notification will be shown: "The Team must have at least one user with an Admin role. Please add at least one Admin user back to the Team."
Token Users are automatically populated on the member list and cannot be removed.
Accessing a Team
After creating MS Team workspace, navigate to CAM within MS Team
Navigate to Directory
Click the New Request drop-down .
Click Request Access to get access to a specific Team based on the configured external system.
Enter the name of the configured Team name.
Click Next to navigate to the next screen. The configured Panel will be displayed with the added user.
Click Next, to navigate to the next screen.
Review the configured Team and user.
Click Submit to access the MS Team with or without approval.
The Job will be completed successfully, your Team App will be ready to access if no approval is configured.
Note: If you set approver, the once you access a team, the request will send to approver, once approver approve a request then you can access the requested Team.