
User management

User groups

Introduction

Here is a list of actions you can perform as an administrator to use and manage user groups:

How to manage the user groups?

  • Manage groups manually
  • Manage groups via the SCIM API
  • Manage groups via SAML2 (memberOf)
  • Import users and groups (CSV and XLSX)

How to use the user groups?

  • Building level - access control
  • Floorplan level - access control
  • Object level - reservation rights
  • Home office - reservation rights

How to manage the user groups


Manage groups manually

To create a user group, navigate to Dashboard > Users > Groups as an administrator in the admin panel. There you can create, delete and edit the user groups.

User groups can be one of three types:

  1. system: The system groups are maintained by the Flexopus application. You cannot edit or delete these groups. Example: the ALL group, which contains all users in the user database.
  2. internal: Internal groups are created manually by an administrator, or are external groups that were converted to internal groups. Internal groups can be edited and deleted within Flexopus.
  3. external: External groups are usually managed by a third-party application, typically your Identity Provider. You cannot edit or change these groups unless you detach them from the external provider.

Additionally, user groups can have a flag called hidden. Hidden groups are not shown to users in the end application. Users cannot search for them or use them to find or group other colleagues. Example: If you want to create a priority group for users in a wheelchair or with back-related health issues, you may want to hide it from the other users in the application.

See all user groups

If you open a group, you can see four tabs by default:

  • group members: Add or delete group members. You can sort and filter them. You can also export the group members as a CSV, XLSX or in the Azure AD CSV format.
  • associated objects: List of buildings, floors and objects associated with the group.
  • group admins: List of users with access to edit the group.
  • group settings: Change the name, add a description, set the group to hidden and see the properties of the group, like the internal and external ID.

Manage a group

You can also see the user groups for each user individually in their user profiles. Select a user and navigate to the Application Rights menu item. Here you can view and manage the linked groups of users.

User profile group management
💡
Note! Do not confuse user groups with user roles.

Manage groups via the SCIM API

In many cases, user groups already exist in the Identity Provider (IdP) such as Azure Active Directory. You can synchronize user groups from Active Directory to Flexopus through our SCIM interface.

💡
Note! Flexopus only supports flat user groups. As of today, we do not yet support the so-called "Nested Groups". In other words: the groups can only contain user profiles, but groups cannot contain any further subgroups.
Azure Active Directory SCIM API
Introduction You can integrate with Microsoft Azure Active Directory (Azure AD) via federated authentication or using SCIM (System for Cross-domain Identity Management), allowing users to log in to Flexopus using their existing Azure AD credentials. Flexopus can be linked to an instance of Microsoft Azure Active Directory (Azure AD) via

Manage groups via SAML2 (memberOf)

In many cases, user groups already exist in the Identity Provider (IdP). Unfortunately, not every Identity Provider (IdP) offers a SCIM interface. User groups can also be transmitted to Flexopus by assigning further attributes in SAML2. IdP examples: ADFS, Keycloak.

memberOf SAML2 attribute
Synchronize groups via SAML2
Flexopus implemented the standard SAML2 Single Sign On protocol, which is supposed to work with any identity provider that follows the SAML2 standard. Often it is not only required to set up a Single Sign On configuration for the login, but it is also necessary to exchange group memberships.

Import users and groups (CSV and XLSX)

Users can easily be added or updated via Excel/CSV lists. Use the import feature to invite new users or edit existing users by uploading a spreadsheet. The process creates or updates the users with the attributes you specify. For example, you can edit the groups or names of the users. Unchanged data fields are not updated. Navigate to Dashboard > Users > Import / Export and follow these steps for a proper import:

  1. Use one of the template files or one of the exports above to create a valid import file.
  2. Open the file with your spreadsheet program. The first row of the document contains the names of the columns: name, email, department, function, About, notify, groups, roles, timezone, id
  3. The user's email address is used as a unique key to match against the rows in the Flexopus database.
  4. The minimum requirement for each row is an email address and a name to identify the user. All other columns are optional. Keep only the columns you want to use.
  5. To ignore an attribute, you must delete the entire column, including the column name in the first row. If you leave an empty column whose first row still contains the column name, the system will use the empty fields to overwrite the corresponding attribute of the listed users.

You can find a detailed description of the fields directly in Flexopus.

When you have finished editing the document, press the Upload User List button to select the document. Once selected, press the green Process File button to upload the file. If there are problems, the upload process will be aborted. If there are no errors, a summary will appear, and you can click Finish import to save your changes.
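A pre-upload check for the rules in steps 2 to 5, as an added example that is not part of Flexopus: it flags missing required columns, unknown column names, repeated email keys and empty cells that would overwrite stored attributes such as groups or roles. It assumes a comma-delimited CSV and, for duplicate detection only, that email addresses compare case-insensitively; the sample file is constructed.

```python
import csv
import io

# Column names from step 2 of the import instructions above.
KNOWN = ["name", "email", "department", "function", "About",
         "notify", "groups", "roles", "timezone", "id"]
REQUIRED = ["email", "name"]  # step 4: minimum for every row

def preflight(csv_text):
    """Return findings for an import file; an empty list means nothing was flagged."""
    reader = csv.DictReader(io.StringIO(csv_text))  # assumption: comma-delimited CSV
    header = reader.fieldnames or []
    rows = list(reader)
    findings = [f"missing required column: {c}" for c in REQUIRED if c not in header]
    findings += [f"unknown column: {c}" for c in header if c not in KNOWN]

    first_seen = {}                    # normalised email -> first row number
    blanks = {c: [] for c in header}   # column -> row numbers with an empty cell
    for n, row in enumerate(rows, start=2):  # row 1 is the header
        for c in header:
            if not (row.get(c) or "").strip():
                blanks[c].append(n)
        # Assumption: emails compare case-insensitively (step 3 uses email as the key).
        email = (row.get("email") or "").strip().lower()
        if email and email in first_seen:
            findings.append(f"row {n}: email already used in row {first_seen[email]}")
        elif email:
            first_seen[email] = n

    for c in header:
        if not blanks[c]:
            continue
        if c in REQUIRED:
            findings.append(f"{c}: required but empty in rows {blanks[c]}")
        elif len(blanks[c]) == len(rows):
            # Step 5: a named but empty column overwrites the attribute.
            findings.append(f"{c}: empty in every row, delete the column or the attribute is overwritten")
        else:
            findings.append(f"{c}: empty in rows {blanks[c]}, those users' values are overwritten")
    return findings

# Constructed sample file, not real user data.
SAMPLE = """name,email,department,groups,roles
Anna Example,anna@example.com,IT,IT,
Ben Example,ben@example.com,,Legal,
,carl@example.com,Legal,Legal,
Dora Example,Anna@example.com,IT,IT,
"""

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
```

An empty groups or roles column is the finding to look at first, since those columns drive access and reservation rights.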


Learn more about the usage of user groups

💡
Golden rule! Less is sometimes more! Only use and create groups that are really necessary. The fact that you can restrict access on multiple levels doesn't mean that you should. Being too specific will significantly reduce the freedom of the users, and you will need to manage many groups. For example: You can create home zones and ask users to book there by default and to use other spaces only if all the home zone places are booked.

Building level - access control

As an administrator, you can view and manage all buildings in the admin dashboard. By default, the group “all” is assigned to all buildings so that initially everyone has access to the buildings. To change the default group association, navigate to Dashboard > Buildings > Select a building > User groups.

On this page, you can add and remove groups associated with the building. Only the users associated with the building are able to see the building in the user application.

Building level access management

Floorplan level - access control

As an administrator, you can view and manage all floor plans in the admin dashboard. By default, the group “all” is assigned to all floor plans so that initially everyone can have access to the floor plan. To change the default group association, navigate to Dashboard > Floor plans > Select a floor plan > User groups.

On this page, you can add and remove groups associated with the floor plan. Only the users associated with the floor plan are able to see the floor plan in the user application.

💡
Note! Make sure that the user also has access at the building level.

Floorplan level access management

Object level - reservation rights

As an administrator, you can view and manage the floor plans. Click on objects to view object settings and attributes. Select an object by clicking on it and navigate to the User groups tab. The associated user groups are able to create reservations for the selected object. By default, the group all is assigned so that all users have access. Edit the groups as follows:

  • Add group to unlock the item for the group. All users of the assigned user group can book the object as long as the group has the status Available. Use the all group if you don't want to make any restrictions.
  • Remove user group to lock the object for specific user groups. The list works like a whitelist. Only the assigned user groups have access to the object.

Object level access management

With the special setting Ignore objects within the following days, you can set a day limit. This setting lets you create a priority booking for the selected groups. After the selected day limit, all users who have access to the floor plan can book the object.

💡
Note! Make sure that the user has access at the building and floor plan level as well. Adding the user only at the object level does not affect the visibility of the buildings and floor plans.

Home office - reservation rights

You can activate the booking of the home office object type as an optional module. You can find the setting option under Dashboard > Settings > Booking Settings > Home office. Use the user groups to control which groups are authorized for home office.

Homeoffice settings

Examples for user groups in desks

💡
Note: In order for a user to be able to book a specific object, the user must have access at the floor level and also access at the object level.

Mr. Müller is in the all group and the IT group.
Mr. Schmidt is in the group Legal.
TABLE_1 and TABLE_2 are on the First Floor.
First Floor is in the Example Building.
Example Building has the group all.

Example 1

First floor has the group all. TABLE_1 has the group IT. TABLE_2 has the group Legal.
Mr. Müller can book TABLE_1. He cannot book TABLE_2, but can only view the booking status.
Mr. Schmidt cannot view the floor and therefore cannot book the seats.

Example 2

First floor has the group Legal. TABLE_1 has the group IT. TABLE_2 has the group Legal.
Mr. Müller cannot view the floor and therefore cannot book the seats.
Mr. Schmidt can book TABLE_2. He cannot book TABLE_1, but can only view the booking status.


Troubleshooting / FAQ

The user cannot see the building.

Check whether the building is published. It should be published. Also check the groups associated with the building and verify that the user is in one of them.

The user cannot see the floor plan.

Check whether the building and the floor plan are published. Both of them should be published. Also check the groups associated with the building and the floor plan and verify that the user is in one of them.

The user cannot book an object; it is displayed as blocked.

Check if the object status is set to flexible. It should be. Also validate the associated groups assigned to the object. The user should be in one of the groups. In case you set.