User groups
Introduction
Here you can see a list of action you can do with user groups to use and manage them as an administrator:
How to manage the user groups?
- Manage groups manually
- Manage groups via the SCIM API
- Manage groups via SAML2 (memberOf)
- Import users and groups (CSV and XLSX)
How to use the user groups?
- Building level - access control
- Floorplan level - access control
- Object level - reservation rights
- Home office - reservation rights
How to manage the user groups
Manage groups manually
To create a user group, navigate to Dashboard > Users > Groups
as an administrator in the admin panel. There you can create
, delete
and edit
the user groups.
The user groups can have three different types:
system
: The system groups are maintained by the Flexopus application. You can not edit or delete this group. Example: ALL group, which contains all users in the user database.internal
: The internal groups are created by an administrator manually, or it's an external group which was moved to become an internal groups. Internal groups can be edited and deleted within Flexopus.external
: The external groups are usually managed by a third party application, typically by your Identity Provider. You can not edit or change this groups, unless you detach them from the external provider.
Additionally, the user groups can have a flag called hidden
. The hidden groups are not showed for the user in the end application. They can not search for them or use them to find or group other colleagues. Example: In case you want to create a priority group for users in a wheelchair or based on “back” related health issue, you may want to hide it from the other users in the application.
If you open a group, you can see four tabs by default:
group members
: Add or delete groups, members. You can sort and filter them. You can also export the group members as a CSV, XLSX or in the Azure AD CSV format.associated objects
: List of building, floors and object associated with the group.group admins
: List of user with access to edit the group.group settings
: Change the name, add a description, set the group to hidden and see the properties of the group, like the internal and external ID.
You can also see the user groups for each user individually in their user profiles. Select a user and navigate to the Application Rights
menu item. Here you can view and manage the linked groups of users.
Manage groups via the SCIM API
In many cases, user groups already exist in the Identity Provider (IdP) such as Azure Active Directory. You can synchronize user groups from Active Directory to Flexopus through our SCIM interface.
Manage groups via SAML2 (memberOf)
In many cases, user groups already exist in the Identity Provider (IdP). Unfortunately, not every Identity Provider (IdP) offers a SCIM interface. The user groups can also be transmitted to Flexopus by further assigning attributes from SAML2. IdP Examples: ADFS, KeyCloak.
Import users and groups (CSV and XLSX)
Users can easily be added or updated via Excel/CSV lists. Use the import feature to invite new users or edit existing users by uploading a spreadsheet. The process creates or updates the users with the attributes you specify. For example, you can edit the groups or names of the users. Unchanged data fields are not updated. Navigate to Dashboard > Users > Import / Export
and follow these steps for a proper import:
- Use one of the template files or one of the exports above to create a valid import file.
- Open the file with your spreadsheet program. The first row of the document contains the names of the columns:
name
,email
,department
,function
,About
,notify
,groups
,roles
,timezone
,id
- The user's email address is used as a unique key to match against the rows in the Flexopus database.
- The minimum requirement for each row is to have an email address and a name to identify the users: All other columns are optional. Leave only the columns you want to use.
- To ignore an attribute, you must delete the entire column, including the column name in the first row. If you leave an empty column whose first row still contains the column name, the system will use the empty fields to overwrite the corresponding attribute of the listed users.
You can find a detailed description about the field directly in Flexopus.
When you have finished editing the document, press the Upload User List
button to select the document. Once selected, press the green Process File
button to upload the file. If there are problems, the upload process will be aborted. If there are no errors, a summary will appear, and you can click Finish import
to save your changes.
Learn more about the usage of user groups
Building level - access control
As an administrator, you can view and manage all buildings in the admin dashboard. By default, the group “all” is assigned to all building so that initially everyone can have access to the buildings. To change the default group association, navigate to Dashboard > Buildings > Select a building > User groups
.
On this page, you can add
and remove
groups associated with the building. Only the users associated with the building are able to see the building in the user application.
Floorplan level - access control
As an administrator, you can view and manage all floor plans in the admin dashboard. By default, the group “all” is assigned to all floor plans so that initially everyone can have access to the floor plan. To change the default group association, navigate to Dashboard > Floor plans > Select a floor plan > User groups
.
On this page, you can add
and remove
groups associated with the floor plan. Only the users associated with the floor plan are able to see the floor plan in the user application.
Object level - reservation rights
As an administrator, you can view and manage the floor plans. Click on objects to view object settings and attributes. Select an object by clicking on it and navigate to the User groups
tab. The associated user groups are able to create reservations for the selected object. By default, the group all
is assigned so that all users have access. Edit the groups as follows:
- Add group to unlock the item for the group. All users of the assigned user group can book the object as long as the group has the status
Available
. Use theall
group if you don't want to make any restrictions. - Remove user group to lock the object for specific user groups. The list works like a whitelist. Only the assigned user groups have access to the object.
Through a special setting Ignore objects within the following days
you can set a day limit. With this setting, you can create a priority booking for the selected groups. After the selected day limit, all users can book the object, that has access to the floor plan.
Home office - reservation rights
You can activate the booking of the home office object type as an optional module. You can find the setting option under Dashboard > Settings > Booking Settings > Home office
. Use the user groups to control which groups are authorized for home office.
Examples for user groups in desks
Mr. Müller
is in the all
group and the IT
groupMr. Schmidt
is in the group Legal
and
TABLE_1TABLE_2
are on the First Floor
.First Floor
is in the Example Building
.Example Building
has the group all
Example 1
First floor
has the group all
. TABLE_1
has the group IT
. TABLE_2
has the group Legal
.M. Müller
can book TABLE_1
. He cannot book TABLE_2
, but can only view the booking status.Mr. Schmidt
cannot view the floor and therefore cannot book the seats.
Example 2
First floor
has the group Legal
. TABLE_1
has the group IT
. TABLE_2
has the group Legal
.Mr. Müller
cannot view the floor and therefore cannot book the seats.Mr. Schmidt
can book TABLE_2
. He cannot book TABLE_1
, but can only view the booking status.
Troubleshooting / FAQ
The user can not see the building.
Check if the building is published or not. It should be published. Also check the associated groups with the building and validate, if the user is in one of the associated groups.
The user can not see the floor plan.
Check if the building and the floor plan is published or not. Both of them should be published. Also check the associated groups with the building and the floor plan and validate, if the user is in one of the associated groups.
The user can not see book an object, it's displayed as blocked.
Check if the object status is set to flexible. It should be. Also validate the associated groups assigned to the object. The user should be in one of the groups. In case you set.