Matrix Booking Knowledge Base
Matrix Booking Knowledge Base

Administrator guide – Groups

This page explains how to set up and manage user groups, domain groups, and advanced groups as well as how to restrict access to locations and resources for particular users. How the different groups are synchronised and our approach to security is also explained:

  1. Access the Groups screens

  2. Add a user group

  3. Add a domain group

  4. Add an advanced group

  5. Edit or delete a group

  6. Restrict access to a location or resource for a group

  7. Advanced booking rules for booking shared resources

  8. Synchronise Matrix Booking groups with Microsoft Entra ID or SCIM

  9. Our approach to security

Access the Groups screens

  1. Select Admin in the navigation bar.

  2. Select Groups under the Security & Integrations section in the side menu. The Groups dropdown will appear.

  3. Select one of the following:

    • All groups – displays all the type of groups you have on the All groups screen.

    • User groups – displays only user groups on the User groups screen.

    • Domain Groups – displays only domain groups on the Domain groups screen.

    • Advanced groups – displays only advanced groups on the Advanced groups screen.

      All groups screen with example user, domain, and advanced groups added.

Add a user group

To add a user group:

  1. Access the User groups screen.

  2. Select Add user group. The Add user group pop-up will appear.

  3. Enter the name of the user group you’re creating in the Group name text box.

  4. Select whether this is an organisational group for reporting purposes. The default is No.

  5. Begin to enter the user’s name in the search bar. The User dropdown will appear.

  6. Select the correct user from the dropdown.

  7. To add more users to the user group, repeat steps 6 and 7.

  8. Select either of the following and the pop-up will close to return you to the User groups screen:

    • Save to keep you changes.

    • Close to discard your changes.

      Add user group pop-up with an example name and users added.

Warning: if a user doesn’t appear in the dropdown, they aren’t registered with Matrix Booking. They can’t be added to any type of group until they have been registered.

If you made the user group an organisation group user for reporting, you can filter on that group in the Booking summary and Resource utilisation dashboards on Matrix Booking Insight. You’re given all the information of what departments or directorates are using which resources, which might be useful for your workspace and resource management optimisation.

Add a domain group

In addition to user groups, you can specify domains instead. You may wish to do this if you:

  • have staff with different email domains

  • want to allow some rooms to be visible to all and some visible only to certain domains

To add a domain group:

  1. Access the Domain groups screen.

  2. Select Add domain group. The Add Domain Group pop-up will appear.

  3. Enter the name of the domain group you’re creating in the Name text box.

  4. Enter the domain name without the @ symbol in the Add Domain text box.

  5. Select the Enter or Return button to lock in the domain.

  6. To add more domains to the domain group, repeat steps 4 and 5.

  7. Select either of the following and the pop-up will close to return you to the Domain groups screen:

    • Save to keep you changes.

    • Close to discard your changes.

      Add domain group with an example name and domain added.

Warning: you don’t enter the @ symbol when adding a domain group – it’s not needed.

Add an advanced group

Rules

There are rules for including and excluding user and domain groups. For example, if we have 2 user groups added to an advanced group and you can:

  • select Do not use user groups

  • select Include users in any of the following user groups meaning that a user must be in at least 1 of the user groups to have access to the resource

  • select Include users in all of the following user groups meaning that a user must be in all of the user groups to have access to the resource

  • select Exclude users in any of the following user groups meaning that a user must be in at least 1 of the user groups to not have access to the resource

  • select Exclude users in all of the following user groups meaning that a user must be in all of the user groups to not have access to the resource

The same rules apply for domain groups based on domain names, but there are no any or all options.

Add a user and domain group to an advanced group

To add a advanced group:

  1. Add at least 1 user group or 1 domain group.

  2. Access the Advanced groups screen.

  3. Select Add advanced group. The Add advanced group pop-up will appear.

  4. Enter the name of the advanced group in the Name text box.

  5. If you want to add user groups, continue to step 6. If you want to add domain groups, skip to step 12.

  6. Under the User group rules section, select one of the following:

    • Do not use user groups – this is the default.

    • Include users in any or all of the following user groups.

    • Exclude users in any or all of the following user groups.

  7. Select the toggle switch for any or all of the following user groups.

  8. Begin to enter the user group name you want to include or exclude from the advanced group in the User groups text box. The User group dropdown will appear.

  9. Select the user group from the dropdown.

  10. To add more user groups, repeat steps steps 8 and 9.

  11. If you want include or exclude domain groups, continue to step 12. If you don’t want to, skip to step 16.

  12. Under the Domain group rules section, select either:

    • Do not use domain groups – this is the default.

    • Include user whose email matches the following domain groups.

    • Exclude user whose email matches the following domain groups.

  13. Begin to enter the domain group name. The Domain group dropdown will appear.

  14. Select the domain group from the dropdown.

  15. To add more domain groups, repeat steps 13 and 14.

  16. Select either of the following and the pop-up will close to return you to the Advanced groups screen:

    • Save to keep you changes.

    • Close to discard your changes.

      Add advanced group pop-up with example user and domain groups added.

Warning:

  • You can only select user or domain groups that have previously been set up.

  • You can only choose either include or exclude – not both.

  • User group rules take a higher priority and override domain rules.

Edit or delete a group

To edit a group:

  1. Access one of the Groups screen.

  2. Select Edit next to the group you want to change.

    User groups screen with example user groups.

  3. Make your changes.

  4. Select either of the following and the pop-up will close to return you to your chosen Groups screen:

    • Save to keep you changes.

    • Close to discard your changes.

To delete a group:

  1. Access one of the Groups screen.

  2. Select Delete next to the group you want to change. The group will be deleted immediately.

Restrict access to a location or resource for a group

Once your groups have been set up, you can restrict access to particular groups for your resources To do this:

  1. Access the Availability tab.

  2. Go to the General Availability section.

  3. Select the Restrict access to tick box. The Groups dropdown will appear.

  4. Select the Groups downdown. A list of all your groups will be appear.

  5. Select the group you want the location or resource restricted to. The list of users in that group will appear.

  6. If you want to make the resource available to everyone again, select the Restrict access to tick box again to untick it.

  7. Select either of the following and the pop-up will close to return you to the Locations and resources hierarchy:

    • Save to keep you changes.

    • Close to discard your changes.

      The restrict access to setting has been set to the facilities managers user group for the meeting room.

  8. Select Save changes.

Notes:

  • If your group doesn’t appear in the list:

    • Close the Edit [location or resource] pop-up without saving.

    • Refresh or reload the page.

    • Start the process again.
      Your new groups will sync with the list of available groups when the page refreshes or reloads.

  • If you book a resource on behalf of someone else and they don’t have access to that resource, the booking will be successful as it’s the booking organiser’s access to the resource that’s considered by Matrix Booking.

Advanced booking rules for booking shared resources

In the following example, we show how 3 features of Matrix Booking can be used together so that you can share your resources with other organisations while still giving priority to your staff.

Resource sharing

Organisation 1 shares a resource (Room A) with Organisation 2. Both organisations are in the same building, but occupy different floors. Organisation 1 wants to give its own staff higher prioritisation for booking Room A than Organisation 2.

image-20250729-140551.png

Although the example below shows 1 shared resource in 1 shared building, this setup could be applied to multiple shared resources and across multiple buildings.

Example resource sharing network set up.

Domain groups

Before setting up the different prioritisations for the organisations that can book Room A, Organisation 1 needs to set up domain groups. Domain groups rely on each organisations’ email domain. Organisation 1 has set up the following domain groups:

  • Organisation 1 has the domain @org1.com

  • Organisation 2 has the domain @org2.com

    Organisations 1 and 2 domain groups have been set up.

Advance booking rules (prioritisation)

Now that the domain groups have been set up, Organisation 1 can set up the Advance booking rules for each organisation based on the domain groups. Organisation 1 has set up the following Advance booking rules:

  • Domain group Organisation (@org1.com)1 can book Room A up to 4 weeks in advance.

  • Domain group Organisation (@org1.com)2 can book Room A up to 2 weeks in advance.

    Prioritisation rules for organisations 1 and 2 have been set up.
    image-20250829-102611.png

Synchronise Matrix Booking groups with Microsoft Entra ID and SCIM

If you’ve connected your directory to Matrix Booking using either the Microsoft Entra ID (formerly Azure Active Directory) integration or SCIM (System for Cross-domain Identity Management) integration, you should add or remove users in the directory of the integration you’re using. You must have a master list of Matrix Booking users in Entra ID or SCIM. Matrix Booking can pull members in from the master list and set them up as Matrix Booking users. You can have other Entra ID or SCIM groups that can be used to create Matrix Booking user groups. However, those members in those groups must exist in the master list.

You need to have our single sign-on (SSO) integration to have our Microsoft Entra ID integration.

Use one of the following guides to set up a group in your chosen integration:

Once your directory sync has been set up and you add or edit a Matrix Booking Group, you’ll see an option to sync your Matrix Booking group with your Entra ID in the Edit group pop-up. To sync your Matrix Booking and Entra ID groups:

  1. Access one of the Groups screen.

  2. Add or edit a group.

  3. Select Synchronised with Azure AD.

  4. Begin to enter the Entra ID group name in the text box. The Group name dropdown will appear.

  5. Select your Entra ID group from the dropdown.

  6. Select either of the following and the pop-up will close to return you to your chosen Groups screen:

    • Save to keep you changes.

    • Close to discard your changes.

      The How are users added to this group section in the Add group pop-up.

To sync your Matrix Booking and SCIM groups, this must be done on the SCIM side.

Info message about making user and user group changes via SCIM and not Matrix Booking.

Note: for either directory sync, contact your customer success manager so they can discuss these options with you.

Our approach to security

Matrix Booking employs a “must pass all levels” approach to security. This means that for a user to access a room or desk, they must pass every security level that has been set.

For example, if a building has:

  • an Include group that only allows people with the domain @mycompany.com to access the building

  • and 1 of the rooms in the building can be booked by anyone with the domains @mycompany.com and @mycontractors.com;

the @mycontractors.com staff won’t be able to see or book the room. They have been excluded at a higher level (the building). Security filters through each level in the resource hierarchy.

Warning: if a user doesn’t have the permission to access to a particular level in the hierarchy, they won’t be able to access anything beneath that level.


❮ Back
Reception sharing

Next ❯
Contact and directory management

Administrator guide homepage