Directory requirements
Please note the following considerations:
1E Servers must be domain-joined. The exception is a 1E DMZ Server, where joining a domain is optional.
1E is supported in multi-domain, multi-forest environments.
Each 1E user requires an account in Azure Active Directory. Azure Active Directory accounts must have their userPrincipalName (UPN) attribute populated. The UPN is normally populated but may be missing if user accounts have been created using scripts.
Users and approvers should have email addresses to support approval workflow and notifications. Email addresses are mandatory if Two-Factor Authentication (2FA) is enabled.
Azure Active Directory groups are recommended for role-based access control (RBAC) but are not mandatory. Azure Active Directory groups can be assigned to 1E roles after installation; they are not required during installation. Groups are not mandatory because users can be assigned to roles and managed within 1E instead of Azure Active Directory.
1E Setup assigns a limited set of permissions to the Setup user account (specified during installation/updates), as described on the Roles page which cannot be edited. It is possible to give this user account Full Administrator access during installation/upgrade, but 1E recommends that this user account is viewed as a service account and kept with the minimum permission.
An Azure Active Directory group is useful to configure access to the CatalogWeb Admin page, as described in Rebuilding the 1E Catalog.
Note
AD distribution groups are not supported.
If AD security groups are nested (groups within groups), they can slow down the performance of the 1E Portal for administrators. Therefore, we recommend that nesting is not used, and that each administrator and approver account is a member of a group used in 1E. You can improve performance further by disabling the recursive search used by 1E, bearing in mind that nested groups will then not be supported. Please refer to the Post Installation page.
Domain Local security groups are not supported.
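
The following check applies the requirements listed above to an exported list of users and groups before installation. It is an added example, not 1E code; the record layout (name, userPrincipalName, mail, category, scope, members), the sample data and the function name audit_directory are assumptions made for illustration.

```python
# Added example: audit a directory export against the requirements on this page.
# Field names, values and sample records are constructed, not a 1E or AD schema.

def audit_directory(users, groups, two_factor=False):
    """Return a sorted list of (object_name, finding) tuples."""
    findings = []
    for u in users:
        # UPN must be populated; script-created accounts may lack it.
        if not (u.get("userPrincipalName") or "").strip():
            findings.append((u["name"], "missing userPrincipalName"))
        if not (u.get("mail") or "").strip():
            # Mail is mandatory only when 2FA is enabled; otherwise recommended.
            level = "required for 2FA" if two_factor else "recommended"
            findings.append((u["name"], f"missing mail ({level})"))
    # Assumes members are listed by name and that names are unique.
    group_names = {g["name"] for g in groups}
    for g in groups:
        if g.get("category") == "Distribution":
            findings.append((g["name"], "distribution group not supported"))
        if g.get("scope") == "DomainLocal":
            findings.append((g["name"], "Domain Local group not supported"))
        # A member that is itself a group means nesting, which slows the Portal
        # and stops working if the recursive search is disabled.
        nested = sorted(m for m in g.get("members", []) if m in group_names)
        if nested:
            findings.append((g["name"], "nested groups: " + ", ".join(nested)))
    return sorted(findings)

# Constructed sample export
SAMPLE_USERS = [
    {"name": "alice", "userPrincipalName": "alice@example.test", "mail": "alice@example.test"},
    {"name": "svc-import", "userPrincipalName": "", "mail": None},
    {"name": "bob", "userPrincipalName": "bob@example.test", "mail": ""},
]
SAMPLE_GROUPS = [
    {"name": "1E-Admins", "category": "Security", "scope": "Global",
     "members": ["alice", "1E-Approvers"]},
    {"name": "1E-Approvers", "category": "Security", "scope": "DomainLocal",
     "members": ["bob"]},
    {"name": "IT-Announce", "category": "Distribution", "scope": "Universal",
     "members": ["alice"]},
]

if __name__ == "__main__":
    for name, finding in audit_directory(SAMPLE_USERS, SAMPLE_GROUPS, two_factor=True):
        print(f"{name}: {finding}")
```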