Humly Control Panel administrators can restrict the users from accessing Humly Reservation, Humly Deskbooking, and Humly Floor Plan using the single sign-on function based on the security group membership.
To enable this function, five user groups should be created in Azure Active Directory, one group for each user type in Humly Control Panel
- HCP Global Admins
- HCP Local Admins
- HCP Statistics Users
- HCP Users
- HCP Guests
Azure Active Directory Preparation
Follow the below steps to create the groups in Azure AD.
Create Security Groups
- Navigate to Azure Active Directory → Groups
- Create new groups as needed, one group for each user type
- Take note of the group's names, the names will be used in Humly Control Panel global settings later
- Assign the members to the group as needed.
Configure API Permissions
One of the following permissions is required to log in using the M365 user groups feature as per Microsoft. List a user's direct memberships
|Permission type||Permissions (from least to most privileged)|
|Delegated (work or school account)||User.Read, GroupMember.Read.All, Directory.Read.All, Directory.ReadWrite.All|
|Delegated (personal Microsoft account)||Not supported.|
To add the required API permission, please follow the steps below:
- Navigate to Azure Active Directory → App registration → select your HCP application
- Select API Permission and click add permission → choose Microsoft Graph → Delegated permissions
- Search for "GroupMember" in the search field, expand the group, and checkmark the "GroupMember.Read.All" option.
- Grant Admin Consent for the application if it is not already granted.
Humly Control Panel Configuration
After creating the groups and preparing the application in Azure AD, you are ready to configure Humly Control Panel.
In Global settings, under the M365 user groups section, add the user groups that match the names of groups you have created in Azure and save.
The users belonging to the above groups can log in to Humly Control Panel products using SSO. other users are not allowed to access.