.svg)
User groups enable you to make certain workstations, parking spaces or meeting rooms accessible only to a certain group of people.
What can I do with user groups?
- Control access to buildings with groups
By assigning groups, you can control at the building level whether and which users are allowed to see the building and all associated floors, including objects such as workstations, meeting rooms and parking spaces. Of course, you can also use several groups. More - Control access to floorplans with groups
By assigning groups, you can control the floors / floor plan level. Whether and which users are allowed to see the floors and the associated objects such as workstaions/ parking spaces and meeting rooms. You can also use multiple groups. More
- Controlling the bookability of workstations / parking spaces / meeting rooms with groups
By assigning groups to the floors / floorplan level, you can control whether and which users can book the object such as workstations, parking space and meeting room. You can also use multiple groups. More
- Controlling bookability of home office with the groups
By assigning appropriate groups, you can allow home office booking for selected employees. You can also use multiple groups. More
- Group manager as a role concept
You can assign special roles to individual users. One such role is the "Group Manager" role. The "Group Manager" can manage the bookings of the groups. You can also use multiple groups. More
How can I create user groups at Flexopus?
- Create / manage user groups manually (in Flexopus)
You can manually create and manage the groups in Flexopus individually. You can create an unlimited number of groups. More
- Link user profiles to groups manually (in Flexopus)
You can link the groups to the existing user profiles. An unlimited number of user profiles can be linked to a group. Multiple assignment is possible in both directions. More
- Create, sync and externally manage user groups with SCIM
You can also manage the groups externally through our SCIM integration. User <-> group assignments are managed externally and cannot be revised at Flexopus. Example: Microsoft Azure Active Directory. More
- Create, sync and externally manage user groups through SAML2 (memberOf)
Not every Identity Manager Platform (IDP) offers a SCIM interface. You can also manage user groups through our SAML2 extension. IDP Examples: ADFS, KeyCloak. More
- Manage user groups and user lists with CSV and XLSX
You can also manage user lists and user groups locally with CSV and XLSX (Microsoft Excel) files. You can export the user list to tabulate user profiles and their attributes, such as user groups. More
- Special user group "all"
By default, the application always falls back to the "all" user group when you create a new building, floor or object. This group is maintained by the system and always includes all users. More
Important!
The Flexopus application only supports flat user groups. As of today, we do not yet support the so-called "Nested Groups". In other words: the groups can only contain user profiles, but groups cannot contain any further subgroups.
Control access to buildings with groups
This functionality will only be rolled out with the upcoming software release.
As an administrator, you can view and manage all buildings in the Admin Dashboard. By default, the group "all" is assigned to all users so that initially everyone can have access to everything. Open a building and go to "General Settings". Scroll down and edit the user groups as follows:
- Add user group to unlock buildings for the user groups. All users of the assigned user group can view the building provided they have access to at least one additional floor. Use the "all" group if you don't want to make any restrictions
- Remove user group to block buildings for specific user groups. The list works like a kind of whitelist. Only assigned user groups have access to these buildings.
- Edit the user group if you want to change the global assignments of the user group.
Control access to floors (floorplans) with groups
As an administrator, you can view and manage the floorplans in the Admin Dashboard. By default, the group "all" is assigned so that all users have access. Open the floor plan and edit the groups as follows:
- Add user group to unlock the floor for the group. All users of the assigned user group can view the floor. Use the "all" group if you don't want to make any restrictions.
- Remove user group to block the floor for specific user groups. The list works like a whitelist. Only the assigned groups get access to this floor.
Note: In order for a user to be able to book a specific object, the user must have access at the floor level and also access at the object level.
Example:
Mr. Müller is in the "all" group and the "IT" group
Mr. Schmidt is in the group "Legal
TABLE 1 and TABLE2 are on the first floor.
Example 1:
First floor has the group "all". TABLE1 has the group "IT". TABLE2 has the group "Legal".
Mr. Müller can book TABLE1. He cannot book TABLE2, but can only view the booking status.
Mr. Schmidt cannot view the floor and therefore cannot book the seats.
Example 2:
First floor has the group "Legal". TABLE1 has the group "IT". TABLE2 has the group "Legal".
Mr. Müller cannot view the floor and therefore cannot book the seats.
Mr. Schmidt can book TABLE2. He cannot book TABLE1, but can only view the booking status.
Controlling the bookability of the workstations / parking spaces / meeting rooms based on groups
As an administrator, you can view and manage the floorplans in the "Location" view. Click on objects to view object settings and attributes. You will find the "User groups" field in the attributes. The user groups allow you to control which user groups can book the object. By default, the group "all" is assigned so that all users have access. Edit the groups as follows:
- Add group to unlock the item for the group. All users of the assigned user group can book the object as long as the group has the status "Available". Use the "all" group if you don't want to make any restrictions.
- Remove user group to lock the object for specific user groups. The list works like a whitelist. Only the assigned user groups have access to the object.
Control bookability of home office with groups
You can activate bookings for home office as an optional module. You can find the setting option under Settings > Booking Settings > Home office.
You can use the user groups to control which groups are authorized for home office.
Group manager as a role concept
With the "Group Manager" role, you can assign individual users administrative permissions at group level. Find out more about our role concept here.
Create / manage user groups manually (in Flexopus)
To create a user group, navigate to “Users” in the admin panel. There you can create and save a new user group under "Groups". In the next step you can then add new users to the user group.
You can then assign a specific user group to a building plan:
To apply a user group, go to "Floor plans", select the desired floor plan (or even a workplace) and assign the user group.
You can assign one or more user groups to a complete plan. If you want to define it even more specifically, you can do this at the object level as well. It is important here that the plan level is checked first and then the object level.
But remember: less is more! Being too specific will significantly reduce the free space created by desk sharing.
Link user profiles to user groups manually (in Flexopus)
You are also welcome to view the user groups individually for individual users. Select a user and navigate to the "Application Rights" menu item. Here you can view and manage the linked groups of users.
Attention!
Do not confuse user groups with user roles. Read more about user roles here.
Create, sync and externally manage user groups with SCIM
In many cases, user groups already exist in the "Identity Management Platform" (IDP) such as Azure Active Directory. You can synchronise user groups from Active Directory to Flexopus through our SCIM interface.
NICE TO KNOW
SCIM "System for Cross-domain Identity Management" is an "open standard" for the automated provision of user accounts. The standard was developed in 2011 when it became apparent that the cloud would become the technology of the future. SCIM mediates user identity data between identity providers and service providers that require this data (e.g. for enterprise SaaS applications). User profiles and groups can be synchronised through SCIM.
The groups can only be configured as external groups by the IDP. Read more about user roles here.
Create, sync and externally manage user groups through SAML2 (memberOf)
In many cases, user groups already exist in the "Identity Management Platform" (IDP). Unfortunately, not every Identity Manager Platform (IDP) offers a SCIM interface. The user groups can also be transmitted to Flexopus by further assigning attributes from SAML2. IDP Examples: ADFS, KeyCloak.
The groups can only be configured as external groups by the IDP. Read more about user roles here.
Manage user groups and user lists with CSV and XLSX
Users can easily be added or updated as often as you like via Excel/CSV lists.
Use the import feature to invite new users or edit existing users by uploading a spreadsheet. The process creates or updates the users with the attributes you specify. For example, you can edit the groups or names of the users. Unchanged data fields are not updated. Follow these steps for a proper import:
- Use one of the template files or one of the exports above to create a valid import file.
- Open the file with your spreadsheet program. The first row of the document contains the names of the columns: Name, Email, Department, Function, About, Notify, and Groups.
- The user's email address is used as a unique key to match against the rows in the Flexopus database.
- The following columns are required for each line in the file: Email and Name. All other columns are optional. Leave only the columns you want to use.
- To omit an attribute, you must delete the entire column including the column name in the first row. If you leave an empty column whose first row still contains the column name, the system will use the empty fields to overwrite the corresponding attribute of the listed users.
Description of the accepted values for the data columns:
- name: The user's name: first name and last name.
- email: The user's email address. Note that only valid email addresses will be accepted. The system also performs domain-based verification of email addresses. For example, john.doe@localhost is not accepted.
- department: Here you specify the department to which the user should be added. This is an optional field.
- function: The position of the corresponding user in the organization. This is an optional field.
- about: A short introduction of the user for their public profiles. This is an optional field.
- notify: The notify flag affects only the users created by the current import. Set this field to 1 to send a welcome email or set it to 0 to skip the welcome email.
- groups: Enter the user groups that you want to associate with the user. If you want to assign multiple groups, separate them with semicolons (;). (Example: "Management;Accounting"). Groups that are not in the list are removed from the user. Please note: if you list a group that does not exist in the system, that group will be created.
When you have finished editing the document, press the "Upload User List" button to select the document. Once selected, press the green "Process File" button to upload the file. If there are problems, the upload process will be aborted. If there are no errors, a summary will appear and you can click "Finish import" to save your changes.
Special user group "all"
There is always the user group "all" in which all users are automatically added. You can edit these, but it is not possible to delete them. Users cannot be removed from this group. This group can be used if, for example, complete plans should be available to all users without restrictions. For new plans, this is the default.
R0006