User groups
If you only want to make individual groups or devices available to certain users, you can do this by using a user group. All users in a user group have access to the same groups and devices. This allows for an efficient assignment of access rights by simply adding new users to or removing them from an existing user group.
In principle, users who are not part of a user group do not have permission to access any groups in the group structure and therefore only see an empty navigation bar after login.
Note
Especially for the administration level or Human Resources, it is recommended that a separate user group be defined that always has access to the entire group structure.
Set up a new user group
To set up a new user group:
In the user menu at the top right, click on Users.
Click on the User Groups tab at the top in the action bar. On the left side you can now see all existing user groups.
Click on Add at the top of the left sidebar. Enter a user group name.
Define what users from this user group are allowed to access:
Assign users to the user group (see Add and remove users).
Click on Save at the top right.
Access to groups
On this card, you can select all groups from the group tree that users from this user group are allowed to access (such as portfolios, real estates, buildings etc.). Selecting a subgroup will automatically select the groups above.
By default, users will be able to see all dashboards of the selected groups. If you want to further limit which kinds of dashboards users are allowed to see, see Access to dashboard categories.
Access to dashboard categories
In some cases, users should get access to a specific group, but not to all dashboards in said group. You can restrict access to specific dashboards by assigning dashboard categories to them and specifying which user groups are allowed to see only dashboards with specific categories.
Then assign a dashboard category to the user group to limit access to dashboards with that particular category.
Users belonging to a user group with no assigned dashboard category will have access to all dashboards of the groups that are accessible to them. Dashboards without dashboard categories are accessible to all users that can access the corresponding group, whereas dashboards with dashboard categories are only accessible if one of the user groups of the logged-in user has at least one of these categories assigned.
Warning
Assigning dashboard categories to user groups can cause you to lose access to dashboards if you are not careful.
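The visibility rule above and the lockout the warning describes, as an added example that is not part of the product: a small Python model that previews which dashboards a user loses when a user group is edited. All names and data are constructed, and the model assumes the literal reading that membership in any user group without a dashboard category leaves the user unrestricted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UserGroup:
    name: str
    groups: frozenset                    # nodes of the group tree this user group may access
    categories: frozenset = frozenset()  # empty = no dashboard category assigned

@dataclass(frozen=True)
class Dashboard:
    name: str
    group: str
    categories: frozenset = frozenset()

def can_see(dashboard, memberships):
    """Apply the visibility rule to one dashboard for a user's user groups."""
    # The user must reach the dashboard's group through some user group.
    if not any(dashboard.group in ug.groups for ug in memberships):
        return False
    # Dashboards without categories are visible to everyone who can access the group.
    if not dashboard.categories:
        return True
    # Assumption: a user group with no assigned category does not restrict its users.
    if any(not ug.categories for ug in memberships):
        return True
    # Otherwise one of the user's user groups must hold one of the dashboard's categories.
    return any(ug.categories & dashboard.categories for ug in memberships)

def visible(dashboards, memberships):
    return {d.name for d in dashboards if can_see(d, memberships)}

def lost_by_change(dashboards, before, after):
    """Dashboards a user could see before a user-group edit but not after it."""
    return visible(dashboards, before) - visible(dashboards, after)

# Constructed sample data
DASHBOARDS = [
    Dashboard("Overview", "Building A"),
    Dashboard("Energy costs", "Building A", frozenset({"Finance"})),
    Dashboard("HVAC faults", "Building A", frozenset({"Operations"})),
]
ADMINS = UserGroup("Admins", frozenset({"Building A"}))
ADMINS_EDITED = UserGroup("Admins", frozenset({"Building A"}), frozenset({"Finance"}))

if __name__ == "__main__":
    print(sorted(lost_by_change(DASHBOARDS, [ADMINS], [ADMINS_EDITED])))
```

Running the same comparison for your own account before saving a category assignment shows whether the edit would hide dashboards from you.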
Access to devices
By default, users only have access to devices if their user role has the action right “Create and delete devices” or “Show all devices” assigned.
However, you can also assign devices to a user group, which will grant users from the user group access to these assigned devices regardless of their user role.
Note that if the users’ user role has the action rights mentioned above, they will still see all devices, regardless of which devices are assigned to their user groups.
Access to data point filters
By default, users can access all data points of all devices to which they have access according to the previous section.
If you want to give users access to specific data points from devices to which they don’t normally have access, you can assign data point filters here. If you want to give users access to the entire device, use Access to devices instead.
Note that you can only assign data point filters to which you have access yourself. The top-level data point filters of devices cannot be assigned here, and neither can any data point filters from devices that are assigned to the user group on the Access to devices card.
Note that this also affects which data points can be accessed via our public API.
Add and remove users
A user group without users is quite useless. Therefore, add all users to it who are allowed to see the same groups or devices.
Note
You can easily search for specific groups. To do this, type the name of the group or part of the name into the search field that is displayed.
Select the desired user group in the left sidebar.
In the Users section, click on Add User and select a user from the list to add it to the user group. If the desired user is not visible, simply type in the corresponding name to search for it.
Save the changes by clicking Save at the top right. If you want to remove a user from the user group, click the Remove icon next to the corresponding user.
If you want to create additional user accounts to assign them to the user group you just created, you can do so now. You can create the link between a user and the user group directly in the user editor, which is described in the next section.
Linked user groups
Linked user groups are user groups of other clients through which those clients' users can gain access to your data. They are marked with a small arrow. You can use the linked user group to define which groups (properties, buildings, systems) these users can access within your client account.
Identity provider
If you want to integrate users from external identity providers (such as Azure AD or ADFS), you can specify the name of the user group or user role from the external service.
When external users log in for the first time, a new user account will be created in the system, and the user groups and user role matching the name of the external user groups or user role will automatically be assigned to it.
If the external service doesn’t provide such a user role name, it will automatically be assigned the user role whose Use as Default option is checked. Only one user role can have this option checked.
Warning
If no user role has the Use as Default option checked, users will not be assigned a user role and therefore won’t be able to log in.
In addition to the user groups provided by the external service provider, new users will also automatically be added to all user groups that have the Use as Default option checked, even if they are not related to any external user group.
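The first-login assignment described in this section, as an added example that is not part of the product: a Python model of the mapping with a small audit of the two Use as Default settings. Field names, role names and external names are constructed, and the model assumes that an external role name matching no user role is treated like a missing one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    external_name: str = ""      # name of the user role in the external service
    use_as_default: bool = False

@dataclass(frozen=True)
class UserGroup:
    name: str
    external_name: str = ""      # name of the user group in the external service
    use_as_default: bool = False

def provision(ext_role, ext_groups, roles, user_groups):
    """Return (user role name or None, sorted user group names) for a first login."""
    defaults = [r for r in roles if r.use_as_default]
    if len(defaults) > 1:
        raise ValueError("only one user role can have Use as Default checked")
    # Assumption: an external role name that matches nothing falls back to the default.
    matched = [r for r in roles if ext_role and r.external_name == ext_role]
    role = matched[0] if matched else (defaults[0] if defaults else None)
    # Default user groups are added even when no external group maps to them.
    groups = {g.name for g in user_groups
              if g.use_as_default or (g.external_name and g.external_name in ext_groups)}
    return (role.name if role else None), sorted(groups)

def audit(roles, user_groups):
    """Flag settings that block logins or widen access for every external user."""
    findings = []
    if not any(r.use_as_default for r in roles):
        findings.append("no default user role: users without a matching role cannot log in")
    for g in user_groups:
        if g.use_as_default:
            findings.append(f"user group '{g.name}' is granted to every external user")
    return findings

# Constructed sample configuration
ROLES = [Role("Administrator", "bms-admins"), Role("Viewer", use_as_default=True)]
GROUPS = [UserGroup("Portfolio North", "fm-north"),
          UserGroup("All staff", use_as_default=True),
          UserGroup("HR")]

if __name__ == "__main__":
    print(provision(None, ["fm-north"], ROLES, GROUPS))
    print(audit(ROLES, GROUPS))
```

A returned role of None corresponds to the case in the warning: the account is created but the user cannot log in.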