Chat now with support
Chat with Support

On Demand Global Settings Current - User Guide

Working with On Demand Overview of On Demand Signing up for On Demand Managing organizations and regions Adding users to an organization Managing your Microsoft Entra tenants and on-premises domains On Demand Home page Configuring settings Documentation roadmap Technical Support

Signing up for On Demand

On Demand is a Software as a Service (SaaS) application. SaaS is a software licensing and delivery model in which application software is licensed on a subscription basis. The On Demand software is hosted in the cloud by Quest Software and made available to users through the internet. This section contains information regarding signing up for the On Demand service.

Organizations and regions

On overview of organizations and regions. For details on configuring organizations and regions after you sign up, see Managing organizations and regions.

Signing in to On Demand

Information on how to sign up for On Demand and enable multi-factor authentication.

On Demand subscriptions

You must start a trial or purchase a subscription to begin using On Demand services.

Organizations and regions

On Demand management is based on the concepts of organizations. When you sign up for the On Demand service, you create an organization and you become the organization administrator. The organization can then subscribe to modules. Organization administrators can use the tools provided by the modules to perform administrative actions on Microsoft Entra tenants. You can add additional organization administrators and module administrators that have access to specific modules.

For most On Demand use cases, a customer creates a single organization. Multiple administrators and multiple tenants can be added to the organization.

Quest recommends having an external account added to an organization that could be used in case access is lost. This external account should be a Microsoft Entra account from a tenant that is different from any user accounts normally used to access an On Demand organization. For details see Microsoft’s documentation Manage emergency access accounts in Microsoft Entra ID.

Adding the same tenant to multiple organizations can result in conflicting application of policies and settings. When using multiple organizations to manage a tenant, the organization administrators must coordinate their management activities.

An Azure region is a set of data centers deployed within a geographic area. Selecting the correct region for your organization lets you achieve higher performance and supports your requirements regarding data location. Specifying the region for your organization determines the geographical region where your data is stored.

During sign up, you can choose the region where your On Demand data will be hosted. The following regions are currently supported:

For more information, see Geographic regions.

Signing in to On Demand

Signing into On Demand is done through Microsoft Entra ID. Authenticating through Microsoft Entra ID provides native granular control and allows you to manage your configuration from a central location. It allows configuring advanced security layers through your own conditional access policies, such as MFA, integration with OKTA and other applications that work with the Microsoft Authentication Library (MSAL).

A Microsoft Entra ID access token (constrained to the Quest On Demand application) is obtained when the user navigates through authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to On Demand until the token expiry, for a maximum of 10 minutes. User access to On Demand organization can be also revoked within On Demand by an On Demand Organization Administrator, resulting in access loss after token expiry.

View your basic profile

Permission required for Quest to access users name and email to display the logged in user.

Maintain access to data you have given it access to

Permission is automatically included and required by Microsoft for Single Page Applications as it gives access to critical refresh tokens for proper functionality.

This permission scope is required for single sign on (SSO) and allows a refresh token to be returned from the authentication flow to avoid On Demand prompting the user every time their primary authentication token times out.

NOTE:  
The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. See https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow#enable-the-admin-consent-workflow.
4
Click Create New Organization.
7
Click Create New Organization.

You are signed in as the On Demand administrator for the new organization.

On Demand subscriptions

Once you have signed in to and created an organization, you have the option to begin a trial or purchase a subscription for modules. In the side navigation panel, click Services to open a page with module information and Learn More links that take you to the appropriate Quest web site.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating