Workspace Item Types
Overview
Before creating a WorkSpace item, an Item Type must be created to be assigned to the item. This guide will walk you through how to do that.
Decide on the WorkSpace Item Types:
- Configure relevant WorkSpace Item Types from which items will be created. The Workspace Item Type defines the default properties and behaviors for the Item (e.g., location, group type, icons, default naming patterns, and automations).
If using Active Directory Groups - you need to review where Groups will be created within Active Directory.
- A Workspace Item is represented by up to 2 groups in Active Directory.
- Group creation locations should be considered early when setting up the WorkSpace Service.
Active Directory Group Types
Resource Group:
- The group secured against the application or resource.
- Public/shared and private groups.
User Group:
- This is only used for public items in multi-tenant Active Directory situations.
- The User Group is a customer-specific group that contains only users for the specific customer.
- This group is then made a member of the Resource Group.
Creating WorkSpace Item Types:
Workspace defaults with a set of Workspace Item Types. Check these in Services > Workspace > Workspace ItemTypes as the list may already meet your requirements.
If you need to create new Item Types, click the Add button. You will be presented with a form with multiple fields to fill out.
- Display Name: The display name for the Item Type in Atria.
- Description: Description of the item type in Atria.
- Icon: An icon to be displayed across Atria. Icons can either be uploaded or selected from an icon reference library, such as Font Awesome (search for icons here)
- Resource Group Name: A naming convention that is inherited by Workspace Items. You can use variables within these such as
{ItemName}. Further information about the available variables can be found here. Workspace items created with this ItemType will use these names if not overridden. - User Group Name: Same premise as Resource Group Name.
- Resource and User Group Type:
The following table shows the different group types that can be specified for a Workspace Item Type.
| IDPType | IDPGroupType | Description |
|---|---|---|
| ActiveDirectory | GLOBAL DISTRIBUTION | Global Scoped Distribution Group |
| ActiveDirectory | GLOBAL SECURITY | Domain Global Scoped Security Group |
| ActiveDirectory | LOCAL DISTRIBUTION | Domain Local Scoped Distribution Group |
| ActiveDirectory | LOCAL SECURITY | Domain Local Scoped Security Group |
| ActiveDirectory | UNIVERSAL DISTRIBUTION | Universal Scoped Distribution Group (Exchange) |
| ActiveDirectory | UNIVERSAL SECURITY | Universal Scoped Security Group |
| AzureAD | Distribution | Exchange Online Distribution Group |
| AzureAD | MailEnabledSecurity | Mail Enabled Azure AD Security Group |
| AzureAD | Microsoft365 | Microsoft 365 Group |
| AzureAD | Security | Azure AD Security Group |
- Sort Order: This is used to order the list of ItemTypes in Atria.
Here is an example of an ItemType created for a printer:
And some further examples of ItemTypes:
Additional Mail Properties for Active Directory Distribution Groups
If Mail Enabled AD groups are created through Atria, the following properties can be added to the Item Type to automatically set an Email address and Alias for the group.
The following screenshot shows the two default properties that need to be set in order will use to determine that the group is mail-enabled and the pattern to use for the email alias.
| Property | Value | Description |
|---|---|---|
| Mail-Enabled | True | Provisioning Engine uses flag to determine whether or not to set email attributes on the group |
| defaultPrimarySmtpAddress | {ItemName}@{PrimaryDomain} | Pattern to use to generate a primary SMTP email address |
Dealing with Mail Enabled Groups
When groups are imported into Atria, Atria will leave email-related properties alone (e.g., permissions, email addresses). If Atria creates a mail-enabled group, only minimal properties will be set. Group mail features should be managed through the Atria Azure AD group management feature or via Office 365.
Terminologies
| Term | Definition |
|---|---|
| iDP Type | Identity Provider Type, out of the box this is EntraID and Active Directory |
| Indirect Group | An Indirect Group is created by the Workspace service. For Shared items, we will not put users directly in the root group. Within Active Directory, we will create a group then create a new group as a Member Of per customer. This means that users in different customers are still segregated, but can inherit resources allocated to the group. |
| Direct Group | A Direct Group is a group that is created specifically for one client. This will create a group within Active Directory which Workspace will put users directly into. |