Managing users#

Add users to the Data Safe Haven#

Important

You will need a full name, phone number, email address and country for each user.

  1. You can add users directly in your Entra tenant, following the instructions here.

  2. Alternatively, you can use dsh users add to add multiple users from a CSV file with columns named (GivenName, Surname, Phone, Email, CountryCode).

    • (Optional) you can provide a Domain column if you like but this will otherwise default to the domain of your SHM

    • ⚠️ Phone must be in E.123 international format

    • ⚠️ CountryCode is the two letter ISO 3166-1 Alpha-2 code for the country where the user is based

Example CSV user file

GivenName;Surname;Phone;Email;CountryCode
Ada;Lovelace;+44800456456;ada@lovelace.me;GB
Grace;Hopper;+18005550100;grace@nasa.gov;US

$ dsh users add PATH_TO_MY_CSV_FILE

List available users#

  • You can do this from the Microsoft Entra admin centre

    1. Browse to Groups ‣ All Groups

    2. Click on the group named Data Safe Haven SRE YOUR_SRE_NAME Users

    3. Browse to Manage ‣ Members from the secondary menu on the left side

  • You can do this at the command line by running dsh users list:

    $ dsh users list YOUR_SRE_NAME

    which will give output like the following

    ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━┓
┃ username                     ┃ Entra ID ┃ SRE YOUR_SRE_NAME ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━┩
│ ada.lovelace                 │ x        │ x                 │
│ grace.hopper                 │ x        │ x                 │
│ ursula.franklin              │ x        │                   │
│ joan.clarke                  │ x        │                   │
└──────────────────────────────┴──────────┴───────────────────┘

Assign existing users to an SRE#

  1. You can do this directly in your Entra tenant by adding them to the Data Safe Haven SRE YOUR_SRE_NAME Users group, following the instructions here.

  2. Alternatively, you can add multiple users from the command line using dsh users register:

    $ dsh users register YOUR_SRE_NAME -u USERNAME_1 -u USERNAME_2

    where you must specify the usernames for each user you want to add to this SRE.

    Important

    Do not include the Entra ID domain part of the username, just the part before the @.

Manually register users for self-service password reset#

Tip

Users created via the dsh users command line tool will be automatically registered for SSPR.

If you have manually created a user and want to enable SSPR, do the following

  • Go to the Microsoft Entra admin centre

  • Browse to Users ‣ All Users

  • Select the user you want to enable SSPR for

  • On the Manage ‣ Authentication Methods page fill out their contact info as follows:

    • Ensure that you register both a phone number and an email address

      • Phone: add the user’s phone number with a space between the country code and the rest of the number (e.g. +44 7700900000)

      • Email: enter the user’s email address here

    • Click the Save icon in the top panel