Introduction
If you have followed the required steps to add Microsoft 365 groups to restrict single sign on as seen here SSO there are few key points to note.
- Users added manually to the Humly control panel also have access to the single sign on function as long as you have configured the Single sign on URL for the application in Microsoft Entra as seen in the screenshot below. More information about this is found in one of the setup steps in this document. Microsoft 365 setup
- When the users are added to these four groups, HCP Global Admins, HCP Statistics Users, HCP Users, HCP Guests, if they sign in to the Humly control panel via single sign on, they are not visible in the users tab in the Humly control panel but they are saved in the database.
- If a user is added to the local admin user group, when they sign in for the first time to the control panel using single sign on, they would be visible in the users tab in the Humly control panel so that the admin user can assign structure and/or resource to the user.
A user can still be added manually to the users list even though they have already been added to Microsoft 365 user group.
Background Hierarchy
- Manually added users to the Humly control panel are higher in hierarchy than users added in the Microsoft 365 group. By this I mean if a user is manually added to the Humly control panel and given user type Guest, even if you add him again to the Global Admin SSO group, when he signs in via SSO, he will be signed in as guest
- If one user is added to all 5 Microsoft 365 groups, he will be signed in via SSO to the group with the highest priority. In this regard the order of priority is like this Global admin > Local Admin > Statistics Users > Users > Guests