Administrator's Guide – Groups
This page explains how to set up and manage user groups, domain groups and, advanced groups as well as how to restrict access to locations and resources for particular users. How the different groups are synchronised and our approach to security is also explained.
Contents
Restrict access – assign a location or resource to an advanced group
Synchronise Matrix Booking groups with Microsoft Entra ID or SCIM
Add a user group
To add a user group:
Select Admin in the top bar.
Select Groups under the Security & Integrations section in the side menu. This will show you all the groups set up so far.
You can also hover over the Groups button and a drop-down list will appear with User groups, Domain groups, and Advanced groups. Selecting any one of these drop-down list item will show a page for that group type only.
Select Add user group. The Add user group pop-up will appear.
Enter the name of the user group you’re creating in the Group name text box.
Select whether this is an organisational group for reporting purposes. The default is No.
Begin to enter the user’s name in the search bar.
Select the correct user from the drop-down list.
Follow steps 6 and 7 again to add more users to the user group.
Select Save after all the users have been added.
Warning: if a user doesn’t appear in the drop-down list, they aren’t registered with Matrix Booking. They can’t be added to any type of group until they’ve been registered.
If you select that the user group is an organisational group used for reporting, you can go to the Reports page on Matrix Booking web app to get more information on that user group. In the Booking Summary report, you can summarise your report by Group. In the Resource Utilisation report, you can select Show utilisation by group under each standard chart to view how each group has used resources, from a high level all the way down to individual resources.
You’re given all the information of what departments or directorates are using which resources, which might be useful for your workspace and resource management optimisation. For more information, see our Reports page.
Add a domain group
In addition to user groups, you can specify domains instead. You may wish to do this if you:
have staff with different email domains
want to allow some rooms to be visible to all and some only to certain domains
To add a domain group:
Select Admin in the top bar.
Select Groups under the Security & Integrations section in the side menu. This will show you all the groups set up so far.
You can also hover over Groups and a drop-down list will appear with User groups, Domain groups, and Advanced groups. Selecting any one of these drop-down list item will show a page for that group type only.
Select Add domain group. The Add Domain Group pop-up will appear.
Enter the name of the domain group you’re creating in the Name text box (for example, New Room 1 Access).
Enter the domain name without the @ symbol in the Add Domain text box.
Select the Enter or Return button to lock in the domain.
Select Save.
Warning: don’t enter the @ symbol when adding a domain group – it’s not needed.
Add an advanced group
Rules
There are rules for including and excluding user and domain groups. For example, if we have two user groups added to an advanced group and you can:
select Do not use user groups
select Include users in any of the following user groups meaning that a user must be in at least one of the user groups to have access to the resource
select Include users in all of the following user groups meaning that a user must be in all of the user groups to have access to the resource
select Exclude users in any of the following user groups meaning that a user must be in at least one of the user groups to not have access to the resource
select Exclude users in all of the following user groups meaning that a user must be in all of the user groups to not have access to the resource
The same rules apply for domain groups based on domain names, but there are no any or all options.
Add a user and domain group to an advanced group
To add a advanced group:
Add a user group or domain group.
Select Admin in the top bar.
Select Groups under the Security & Integrations section in the side menu. This will show you all the groups set up so far.
You can also hover over Groups and a drop-down list will appear with User groups, Domain groups, and Advanced groups. Selecting any one of these drop-down list item will show a page for that group type only.
Select Add advanced group. The Add advanced group pop-up will appear.
Enter the name of the advanced group.
If you want to add user groups, go to step 7. If you want to add domain groups, skip to step 13.
Under the User group rules section, select either:
Do not user user groups – this is the default.
Include users in any or all of the following user groups.
Exclude users in any or all of the following user groups.
Select the toggle switch for any or all of the following user groups.
Begin to enter the user group name you want to include or exclude from the advanced group in the User groups text box. A drop-down list will appear.
Select the user group from the drop-down list.
Follow steps 9 and 10 to add more user groups.
If you want include or exclude domain groups, go to step 13. If you don’t want to, skip to step 17.
Under the Domain group rules section, select either:
Do not use domain groups – this is the default.
Include user whose email matches the following domain groups.
Exclude user whose email matches the following domain groups.
Begin to enter the domain group name. A drop-down list will appear.
Select the domain group from the drop-down list.
To add more domain groups, follow steps 14 and 15.
Select Save.
Warning:
You can only select user or domain groups that have previously been set up.
You can only choose either include or exclude – not both.
User group rules take a higher priority and override domain rules.
Edit a user group, domain group, or advanced group
To edit one of the types of groups:
Select Admin in the top bar.
Select Groups under the Security & Integrations section in the side menu.
Select Edit next to the group you want to change.
Make your changes.
Select Save.
Restrict access – assign a location or resource to an advanced group
To assign a location or resource to a advanced group, you have to amend its settings. To do this:
Select Admin in the top bar.
Select Locations and Resources under the Location Settings section in the side menu.
Refresh or reload the page to sync any new groups you’ve created.
Find the location or resource you want to assign to your advanced group.
Select the Edit button.
The Edit [resource] pop-up will appear.
Select the Availability tab (for more information, see our Availability tab page).
Select the Restrict access to tick box. A text box will appear.
Select the text box. A drop-down list will appear.
Select the advanced group you want assigned to the location or resource. A warning message will appear.
If your advanced group doesn’t appear in the list:
Close the pop-up.
Refresh or reload the page (step 3).
Start the process again from step 4.
Select Save.
Notes:
If the group you’ve created doesn’t appear in the drop-down list, you’ll need to refresh or reload the page (step 3). Your new groups will sync with the list of available groups when the page refreshes or reloads.
If you book a resource on behalf of someone else and they don’t have access to that resource, the booking will be successful as it’s the booking organiser’s access to the resource that’s considered by Matrix Booking.
Synchronise Matrix Booking groups with Microsoft Entra ID and SCIM
If you’ve connected your directory to Matrix Booking using either the Microsoft Entra ID (formerly Azure Active Directory) integration or SCIM (System for Cross-domain Identity Management) integration, you should add or remove users in the directory of the integration you’re using. You must have a master list of Matrix Booking users in Entra ID or SCIM. Matrix Booking can pull members in from the master list and set them up as Matrix Booking users. You can have other Entra ID or SCIM groups that can be used to create Matrix Booking user groups. However, those members in those groups must exist in the master list.
Follow this method to add a group in Microsoft Entra ID.
Follow this method to add a group in the SCIM integration.
Once your directory sync of choice has been set up and when you add or edit a Matrix Booking Group, you’ll see an option to sync your Matrix Booking group with your Entra ID in the Edit [group type] group pop-up. To sync your Matrix Booking and Entra ID groups:
Select Synchronised with Azure AD.
Begin to enter the AD group name in the text box.
Select the correct AD group from the drop-down list.
Select Save.
To sync your Matrix Booking and SCIM groups, this must be done on the SCIM side.
Notes:
Contact Matrix Booking support if you would like to set up a directory sync.
This feature requires connectivity to your organisation’s active directory – to enable this feature, contact your Account Manager.
Our approach to security
Matrix Booking employs a “must pass all levels” approach to security. This means that for a user to access a room or desk, they must pass every security level that has been set.
For example, if a building has:
an Include group that only allows people with the domain @mycompany.com to access the building
one of the rooms in the building can be booked by anyone with the domains @mycompany.com and @mycontractors.com;
the @mycontractors.com staff won’t be able to see or book the room. They’ve been excluded at a higher level (the building). Security filters through each level in the resource hierarchy.
Warning: if a user doesn’t have the permission to access to a particular level in the hierarchy, they won’t be able to access anything beneath that level.