KeyNect Set-up

The customer’s IT department will be responsible for creating and maintaining the user accounts/roles within the customer’s Entra ID tenant within their Azure Portal.

KeyNect Licencing

Anyone wanting to use KeyNect must purchase licences from Omfax for each user. Users accounts cannot be shared across multiple users. Please contact Omfax Support for more information.

KeyNect Access

KeyNect users do not require additional usernames or passwords as it uses Microsoft credentials to login (the same details used to login to Outlook or another Microsoft account).

Users must log into the KeyNect portal as one of the Customer Roles as mentioned below (Admin, Standard or Read-Only) in order to create calls or access their relevant areas.

Microsoft Entra ID

The customer will need to provide Omfax their tenant Id for their Entra Id tenant to which the KeyNect users will belong to and preferred email domain.

All users of KeyNect must be logged in via Microsoft Entra ID and must be business users (i.e. in a tenant of their own - not a Home or Hotmail user). Users will be invited from KeyNect's Entra ID tenant to join the KeyNect application users.

Entra ID User Set Up

Users are assigned roles created within the ‘KeyFax KeyNect’ application definition within the Azure 'Omfax Systems Ltd - Apps Tenant'. These roles (along with the app) only become available once a 'Global Administrator' user from the customer's Azure Tenant has given Admin Consent to KeyFax KeyNect.

A member of your IT Team must follow the process below:

1. Login as a user with 'Global Administrator' role for the customer's Entra ID tenant within the Azure Portal.

2. Copy the tenant ID for their tenant and add to the URL in 3, below.

3. Navigate to and login as the same user used above (in 1): https://login.microsoftonline.com/[customer-tenant-id-goes-here]/v2.0/adminconsent?client_id=1e05bf31-0cf5-426c-bcb4-dbe2abd3af42&redirect_uri=https://keynect.biz/Welcome&state=12345&scope=User.Read%20access_as_user

4. Give admin consent where this information is then displayed (by pressing the 'Accept' button)

1. This will create a service principal for the application within the customer's own tenant

2. Switch back to the Azure Portal and search for the 'Enterprise Application' 'Keyfax KeyNect'

3. Navigate to the 'Users and groups' blade within the 'Keyfax KeyNect' 'Enterprise Application'

4. Click on 'Add user/group' - from here the customer may assign the following roles to any users within their organisation (whether those users are invited guests to the customer's tenant or created within the customer's tenant):

   • 'Customer Admins'

   • 'Customer Users'

   • 'Customer ReadOnly Users'

   • Any other roles assigned will [in most cases] not be supported (e.g. those roles postfixed with (Development) or (Test) as these are only available via prior arrangement with Omfax Systems Ltd. To keep things simple a test environment for KeyFax should be set to work against the production version of KeyNect - only where specific upgrades to KeyNect are required to go through Test might these extended roles be an option for customers and only by prior arrangement)

5. From this point forward it is the responsibility of the customer's IT department to manage the users and roles (and therefore access) to the 'Keyfax KeyNect' application. A user with no roles will still be able to 'see' the KeyFax KeyNect application but is limited to the About page only.

Omfax will monitor the number of concurrent users per month to give an indication of adherence to the license agreements with regard of number of users.

KeyNect User Roles

There are three types of user roles within KeyNect.

Entra ID - Azure Portal

Below are some examples of what the customer can see in their Azure Portal for KeyNect.

Automatically (optionally) allow users to request access by simply visiting the site and trying to login – when they do this the assignation of a default Role (e.g. ‘Customer User Read Only’) can also be configured to occur automatically using this page:

Users can be given specific login flows (with or without two factor authentication – 2FA) depending on their user groups within their organisation (e.g. CPN workers can be forced to use 2FA whilst internal network users need not):

User’s login history can be tracked from with Azure by the customer without needing to resort to KeyNect reporting (accurate reporting [over date ranges] of logins can be viewed or data exported):

Changes to permissions/roles can be reported on using Audit Logs within Entra ID for the company:

Call-Centre - Subcontractor User

KeyNect supports the concept of authorised users from another organisation having call-centre rights to use KeyNect on another company's behalf via Keyfax.

This is intended to allow external call-centre contractors to have access to make video calls from Keyfax using KeyNect against a central account managed by the main licensor.

External User (e.g. Out of Office / On Site Engineer)

KeyNect supports the concept of authorised users from another organisation having access to video call resources (videos and images) that they did not themselves create.

This is intended to allow external site-contractors to have read-only access to those resources as required. These users can choose to have read-only access only, or purchase licenses to make their own video calls.