- Overview of Single Sign-on through MS Entra ID
- Access to the Hoylu Management Portal
- Enabling Single Sign-on
- Managing Group-based User Licensing
Overview of Single Sign-On through MS Entra ID
Enabling single sign-on (SSO) gives enterprises using Hoylu Suite the ability to manage licensing and access through MS Entra ID (formerly known as Azure Active Directory) group memberships. This utilizes an enterprise’s existing account management infrastructure.
In this document, we guide Hoylu administrators and MS Entra ID administrators through the steps required to enable SSO for their organization. We also provide an overview of the following features:
- Licensing
- Viewing accounts that are members of an organization
- Company access and security policies
Important 1: When enabling auto assignment for licenses in the Hoylu´s management portal for your organisation, licenses are controlled by MS Entra ID group membership and will be automatically assigned.
If the auto assignment is disabled in your management Portal together with MS Entra ID integration, manual assignment of licenses is possible.
Important 2: If the organisation have auto-assignment option turned On and the user who is not in an activated MS Entra ID Group, the license will be automatically removed on user login.
Access to the Hoylu Management Portal
The Hoylu Management Portal is accessed at: https://manage.hoylu.com
If your organization does not yet have an administrator account for Hoylu, please contact support@hoylu.com.
This instruction guide is specific to organizations that are integrating with MS Entra ID for their user accounts.
Enabling Single Sign-On
Before activating MS Entra ID integration, please contact support@hoylu.com to ensure your organization settings are set up for the transition.
Preparation
Hoylu is using the users email address as the identifier for their user accounts. To preserve access to workspaces of already existing Hoylu user accounts of your organization, please ensure that the users email addresses used in Hoylu match the primary email address in MS Entra ID.
Step 1: Send a Request to an MS Entra ID Administrator
To start the process to enable single sign-on, navigate to the Organization section of Hoylu Management Portal (Link in top-right corner, next to the user name).
Note: If you do not find the entry "Active Directory" or "MS Entra ID" under the "Integrations" tab, please contact support@hoylu.com
Provide the email address for your organization’s MS Entra ID administrator. This administrator does not need to have, or create, a Hoylu account.
After submitting your organization’s administrator’s email address, they will be sent an email for two separate permissions requests. This email will be sent from support@hoylu.com.
Note: The Hoylu administrator and the MS Entra ID administrator cannot use the same account, as MS Entra ID does not allow this for permissions granting.
Step 2: MS Entra ID Administrator permits Hoylu Entra ID Application
It is important that your organization’s MS Entra ID administrator accepts the permission request. Once the request is accepted, MS Entra ID SSO will be automatically enabled and the Hoylu administrator will receive confirmation email.
Hoylu requires the following permissions (both are of the type "Delegate"):
- Read all groups
- Sign in and read user profile
This gives your organization’s MS Entra ID accounts the ability to sign in to Hoylu using single sign-on and enables group-based user licensing.
Managing Group-based User Licensing
After your organization’s MS Entra ID administrator approves the permissions requests, the Hoylu administrator will need to login to the Hoylu Management Portal with their MS Entra ID credentials.
The Active Directory menu option now gives administrators the ability to select specific groups to license.
Members of licensed groups will be automatically assigned a license when they login and create a Hoylu account.
To grant licenses to a group, select a group from the Available Azure AD Groups list and with the button move it into the Azure AD Groups Licensed for Hoylu list.
To remove a group from licensing, select a group from the Azure AD Groups Licensed for Hoylu list and with the button move it into the Available Azure AD Groups list.
When SSO is set up, the users from the organization will be able to access Hoylu. By default, they will have free a user access. This means they will have a limitation of a free user account and will not have a user license. In order for users to obtain a license, they will need to be added to an AD Group that is activated for Hoylu. If auto assignment is enabled, the user will get the license automatically, once they log into Hoylu.
Comments
0 comments
Article is closed for comments.