Enabling single sign-on (SSO) gives enterprises using Hoylu Suite the ability to manage licensing and access through Azure Active Directory (AAD) group memberships. This utilizes an enterprise’s existing account management infrastructure.
In this document, we guide Hoylu administrators and AAD administrators through the steps required to enable SSO for their organization. We also provide an overview of the following features:
- Viewing accounts that are members of an organization
- Company access and security policies
Hoylu currently supports AAD integration for organizations that have an Enterprise licensing agreement with Hoylu. In an Enterprise agreement, there is no set limit to the number of licenses. There is a usage agreement for a number of users for a fixed term. Additional licenses are created as needed. During the renewal process, we will evaluate actual usage to determine if the number of users should be adjusted.
The Hoylu Management Portal is accessed at: https://manage.hoylu.com
If your organization does not yet have an administrator account for Hoylu Suite, please contact email@example.com.
This document is specific to organizations that are integrating with Azure Active Directory for their user accounts. If your organization is not interested in Azure Active Directory integration, please contact firstname.lastname@example.org for appropriate documentation.
Sending a Request to an AAD Administrator
To enable single sign-on, select the Azure AD Administration option from the Management Options menu. Note: If this menu option is not available, please contact email@example.com to enable this advanced option.
Provide the email address for your organization’s Azure Active Directory administrator. This administrator does not need to have, or create, a Hoylu account.
After you submit your organization’s AAD administrator’s email address, the AAD administrator will be sent an email for two separate permissions requests. This email will be sent from firstname.lastname@example.org.
Note: The Hoylu administrator and the AAD administrator cannot use the same account, as Azure does not allow this for permissions granting.
AAD administrator permits Hoylu Suite to access AAD
It is important that your organization’s AAD administrator accepts both AAD permissions requests. For each request that is accepted, the Hoylu administrator will be sent a confirmation email from email@example.com. The two requests do the following:
1. Gives your organization’s AAD accounts the ability to sign in to Hoylu using single sign-on.
2. Gives your organization’s Hoylu administrator the ability to license specific AAD groups.
Managing Group Access
After your organization’s AAD administrator approves the permissions requests, the Hoylu Suite administrator will need to log in to the Hoylu Management Portal with their AAD credentials.
The Azure AD Administration menu option now gives administrators the ability to select specific groups to license.
Members of licensed groups will be automatically assigned a license when they log in and create a Hoylu account.
To license a group, select a group from the Available Azure AD Groups list and use the button to move it into the Azure AD Groups Licensed for Hoylu list.
To remove a group from licensing, select a group from the Azure AD Groups Licensed for Hoylu list and use the button to move it into the Available Azure AD Groups list.
When a member of a licensed group in your organization signs in to Hoylu, a user account is created. These accounts can be viewed on the Users tab.
Currently Registered Users is a list of all member accounts within an organization.
The Expiration Date is the date when the user’s license expires.
The Last Access Date is the date when the user last logged in to a Hoylu application. If a user has not yet logged in to Hoylu, the value will be ‘never’.
The Filter names… search will filter on both name and email address.
Documents can only be accessed by company accounts
When selected, this policy applies to all shared workspaces that are (and were) created by user accounts that are members of the organization. Authenticated accounts that are outside of the organization will have no access to organization workspaces. There is no guest (unauthenticated) access to organization workspaces.
Documents can only be edited by company accounts
When selected, this policy applies to all shared workspaces that are (and were) created by user accounts that are members of the organization. Authenticated accounts that are outside of the organization will have read-only access to the workspaces. Guest (unauthenticated) read-only access to workspaces is also enabled.
Require passwords for all documents
When selected, this policy applies to all workspaces that are newly created and shared by user accounts that are within the organization. Existing shared workspaces will not be required to set a password. The only restriction on password quality is that the password must have a minimum of 8 characters.