Adding External Users to the KORE Intelligence Platform via Azure/Entra (Standalone)

This document outlines the steps required to add external users to the KORE Intelligence Platform when using Azure/Entra ID. It is intended for customer administrators responsible for managing users across Azure/Entra and the KORE Intelligence Platform. This document is applicable for Standalone instances of the KORE Intelligence Platform.

Key Definitions

• External User: A user from a different Azure/Entra domain than your primary tenant.
• KOREAuth: Two Circles' identity platform used for handling SSO and authentication across the KORE Intelligence Platform.
• Global User Id: A unique identifier used by the KORE Intelligence Platform to associate a user with their identity across systems. This value must be set for SSO to function.

Prerequisites

• SSO must be enabled between KOREAuth and the primary Azure/Entra tenant.
• You must have administrator access to:
  • Azure/Entra ID (for managing users and domains)
  • The KORE Intelligence Platform

Step 1: Notify Two Circles of External Domains

Before adding any external users, you must inform Two Circles of each external domain that will be used (e.g., @partnercompany.com).
This allows Two Circles to configure domain redirection for SSO purposes.

Note: This only needs to be done once per external domain, not per user.

Step 2: Confirm Claims in the response

The Claims in the response from Azure/Entra are different for External Users, and doesn't include the UPN Claim. KOREAuth needs the following Claims for External Users in the response when logging in:

• Email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress or emailaddress
• Username | preferred_username or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
• Identity Provider | http://schemas.microsoft.com/identity/claims/identityprovider

Step 3: Add the External User to Azure/Entra

• Invite the user as a External user to your primary Azure/Entra tenant. See https://learn.microsoft.com/en-us/entra/external-id/b2b-quickstart-add-guest-users-portal for Microsoft documentation.

• Once accepted, the user will have a username that looks like:
  first.last_EXTERNAL-DOMAIN.org#EXT#@PRIMARY-DOMAIN.onmicrosoft.com

   

Step 4: Add the User

• In the KORE Intelligence Platform, Navigate to the Users page and add the click the "+ New User" button
• For the Email, it should be in the format user@partnerdomain.com
• Assign a Role to the user
• Save
• Review the new user, and confirm that the Global User Id is not empty
  • If the Global User Id is empty, might need to Reset the User Login (See below)
• At this point, the user should be able to access the system via https://sponsorship.koresoftware.com 

Troubleshooting

• If the user is unable to sign-in, and receives an error like "You were successfully Federated, but the user '{username}' could not be found in KOREAuth":
  • Validate there is a value in the field "Global User Id" on the user record. If there is, may need to Reset the user login (see below)
  • If still unable to access, please contact Two Circles Support for assistance

• If the user is able to sign in, but receives a "Permission Denied" error

  • Validate the user is assigned a Role
  • If still unable to access, please contact Two Circles Support for assistance

   

Reset User Login Process

1. Click the “...” (overflow menu) in the top right of the user record.
2. Select “Reset User Login”.
3. This sends a registration email to the user and begins the identity linking process via KOREAuth.
4. The Invitation Status will change to Pending until the user completes registration.

Note: The user has 48 hours to complete the registration. If they do not, you must repeat the “Reset User Login” process.