To allow users to access OMS, the Active Directory user must be set in the TSA Officer Management System (LIVE) enterprise application in Azure AD. For more detailed information on enterprise application management in Azure, please visit the Microsoft document detailing application management found https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is- application-management. Users can be added directly to the application or by proxy via group membership if the user’s group is added to the application.
The two Azure Enterprise applications that need to be authorized:
TSA Officer Management System (Live)
IPS
Those are the Admin Consent URL’s, just replace the [tenantid] with your Azure Tenant ID.
For the TSA Officer Management System, you need to assign the “IPS Access” role to the group of users that need OMS access. Note the Role Assigned must be set to IPS Access to allow the user or group to access the IPS API that OMS uses to access the data. Permissions within OMS, what users can see and do, can be managed within OMS itself.
This application also controls access to the OMSContacts.salvationarmy.org web login, so you may want to leave it open for all users to get access to that.
If consent has not been given to the application yet, admin consent will need to be provided for the application before users and groups can be configured.
For those users that need IPS as well (less common), you have to specifically add the user to the IPS Azure Application. Not all OMS users should have access to IPS; verify permission access before adding the user/group.