M365 User Groups to Restrict Single Sign-On

Introduction

Humly Control Panel administrators can use security group membership to restrict which users can access Humly Reservation, Humly Deskbooking, and Humly Floor Plan through single sign-on.

Note: This feature works on Humly Control Panel v1.15 onward.

To enable this function, five user groups should be created in Azure Active Directory, one group for each user type in Humly Control Panel. You can however decide not to use five user groups if you do not have a need for all five user types.

    • HCP Global Admins
    • HCP Local Admins
    • HCP Statistics Users
    • HCP Users
    • HCP Guests

Note: The group type in Azure can be Microsoft 365 or Security.

Azure Active Directory Preparation

Follow the steps below to create the groups in Azure AD.

Create Security Groups

  1. Navigate to Azure Active Directory → Groups
  2. Create new groups as needed, one group for each user type
  3. Take note of the group names; they will be used in Humly Control Panel global settings later
  4. Assign the members to the group as needed.

Configure API Permissions

According to Microsoft's "List a user's direct memberships" documentation, one of the following permissions is required to log in using the M365 user groups feature.

Permission type                        | Permissions (from least to most privileged)
Delegated (work or school account)     | GroupMember.Read.All, Directory.Read.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) | Not supported.
Application                            | Directory.Read.All, Directory.ReadWrite.All

To add the required API permission, please follow the steps below:

  1. Navigate to Azure Active Directory → App registration → select your HCP application
  2. Select API Permission and click add permission → choose Microsoft Graph → Delegated permissions
  3. Search for "GroupMember" in the search field, expand the group, and check the "GroupMember.Read.All" option.
  4. Grant Admin Consent for the application if it is not already granted.

Humly Control Panel Configuration

After creating the groups and preparing the application in Azure AD, you are ready to configure Humly Control Panel.

In Global settings, under the M365 user groups section, add the user groups that match the names of groups you have created in Azure and save.


The users belonging to the above groups can log in to Humly Control Panel products using SSO.
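The following is an added example, not Humly's or Microsoft's code. It reviews the two things this page configures: whether a delegated token's `scp` claim carries one of the permissions from the table above (and whether it is broader than GroupMember.Read.All), and which configured group names appear among a user's direct memberships. It assumes a decoded delegated token and a saved Microsoft Graph `memberOf` response; the function names and sample data are constructed for illustration.

```python
# Added example: offline review of delegated scopes and a saved memberOf response.
# Delegated permissions from this page's table, least to most privileged.
DELEGATED = ["GroupMember.Read.All", "Directory.Read.All", "Directory.ReadWrite.All"]

# Group names as entered in Global settings (the names suggested on this page).
HCP_GROUPS = ["HCP Global Admins", "HCP Local Admins", "HCP Statistics Users",
              "HCP Users", "HCP Guests"]


def review_scopes(scp):
    """Check the space-separated 'scp' claim of a delegated access token.

    Returns (usable, findings): usable is False when no listed permission is
    present; findings names any granted permission above the least-privileged one.
    """
    granted = [s for s in DELEGATED if s in scp.split()]
    if not granted:
        return False, ["no permission that can list a user's group memberships"]
    return True, [f"{s} is broader than needed; {DELEGATED[0]} is sufficient"
                  for s in granted if s != DELEGATED[0]]


def matched_groups(member_of, configured=HCP_GROUPS):
    """Compare a memberOf response with the configured group names.

    Returns (exact, near): exact matches, and group names that differ from a
    configured name only by case or surrounding whitespace (worth reviewing,
    because the configured names must match the Azure names).
    """
    # memberOf also returns directory roles; only group objects are relevant.
    names = [o.get("displayName") or "" for o in member_of.get("value", [])
             if o.get("@odata.type") == "#microsoft.graph.group"]
    folded = {g.casefold() for g in configured}
    exact = [g for g in configured if g in names]
    near = [n for n in names if n not in configured and n.strip().casefold() in folded]
    return exact, near


# Constructed sample data (not taken from a real tenant).
SAMPLE_SCP = "openid profile User.Read Directory.ReadWrite.All"
SAMPLE_MEMBER_OF = {"value": [
    {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "HCP Users"},
    {"@odata.type": "#microsoft.graph.group", "displayName": "HCP Local Admins"},
    {"@odata.type": "#microsoft.graph.group", "displayName": "hcp statistics users"},
    {"@odata.type": "#microsoft.graph.group", "displayName": "Finance"},
]}

if __name__ == "__main__":
    print(review_scopes(SAMPLE_SCP))
    print(matched_groups(SAMPLE_MEMBER_OF))
```

Because the permission concerns direct memberships, a user who belongs to an HCP group only through a nested group will not appear in the exact matches.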