This document explains how to restrict SSO access in Humly using M365 user groups: set up Azure AD groups, configure API permissions, and manage user access.
Introduction
Humly Control Panel administrators can restrict which users may access Humly Reservation, Humly Deskbooking, and Humly Floor Plan through single sign-on, based on security group membership.
Note: This feature works on Humly Control Panel v1.15 onward.
To enable this function, five user groups should be created in Azure Active Directory, one group for each user type in Humly Control Panel. You can, however, create fewer groups if you do not need all five user types.
- HCP Global Admins
- HCP Local Admins
- HCP Statistics Users
- HCP Users
- HCP Guests
Note: The Group type in Azure can be a Mail-enabled security group, Security, or Microsoft 365.
Azure Active Directory Preparation
Follow the steps below to create the groups in Azure AD.
Create Security Groups
- Navigate to Azure Active Directory → Groups
- Create new groups as needed, one group for each user type
- Take note of the group names; they will be used in the Humly Control Panel global settings later
- Assign members to each group as needed.
Configure API Permissions
The following permissions are required to log in using Microsoft's M365 user groups feature.
| Permission type | Permissions (both required) |
| --- | --- |
| Application | Group.Read.All and User.Read.All |
To add the required API permission, please follow the steps below:
- Navigate to Azure Active Directory → App registration → select your HCP application
- Select API Permission and click Add permission → choose Microsoft Graph → Application permissions
- Search for "Group" in the search field, expand the group, and checkmark the Group.Read.All option.
- Do the same for User.Read.All
- Grant Admin Consent for the application if it is not already granted.
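To confirm that the permissions and admin consent took effect, the following added example (not Humly's or Microsoft's code) decodes an app-only Microsoft Graph access token and compares its `roles` claim, which lists the granted application permissions, with the two required above. The function names and sample tokens are constructed for illustration, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json

# Application permissions the page lists as required (both are needed).
REQUIRED_ROLES = {"Group.Read.All", "User.Read.All"}


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str) -> dict:
    """Compare an app-only Graph token's roles with the two required permissions."""
    roles = set(decode_claims(token).get("roles", []))
    return {
        # Empty "roles" usually means admin consent is missing or the
        # permissions were added as Delegated instead of Application.
        "missing": sorted(REQUIRED_ROLES - roles),
        # Anything beyond the two required roles deserves a least-privilege review.
        "extra": sorted(roles - REQUIRED_ROLES),
        "ok": REQUIRED_ROLES <= roles,
    }


def b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    return f"{b64url({'alg': 'none', 'typ': 'JWT'})}.{b64url(claims)}.sig"


# Constructed samples: only one permission consented, then a complete grant
# that also carries an extra role.
PARTIAL = make_sample_token({"roles": ["Group.Read.All"]})
COMPLETE = make_sample_token({"roles": ["Group.Read.All", "User.Read.All", "Mail.Read"]})

if __name__ == "__main__":
    for name, tok in (("partial", PARTIAL), ("complete", COMPLETE)):
        print(name, audit_app_token(tok))
```

A non-empty `extra` list is not an error for this feature, but it shows that the app registration holds more application permissions than the group lookup needs.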
Humly Control Panel Configuration
After creating the groups and preparing the application in Azure AD, you are ready to configure Humly Control Panel.
In Global settings, under the M365 user groups section, add the user groups using names that match the groups you created in Azure, then save.
Users belonging to these groups can then log in to Humly Control Panel products using SSO.