Similar to how Roles are managed for SSO, you can choose how User Groups are managed in the settings menu. User Groups are essential when setting up Equipment Access in your workspace.

The "User Group" option allows you to choose whether you want to manage groups from the Identity Provider (such as OneLogin, Azure AD, ADFS, Okta, Google, SAML IdP) or keep the user group assignments within Cheqroom.

In some cases, it may be more convenient to assign user groups within Cheqroom itself, so that you don't have to contact your company's IT administrator to change the user group of specific users.

Option 1: Identity Provider (e.g. OneLogin, Azure AD, ADFS, Okta, Google, SAML IdP)

When User Groups are managed through the Identity Provider, the following logic is used:

New and existing users

The user group of a user will be updated on every login through SSO.

If the Identity Provider doesn’t return a user group or an invalid user group for the user, the user will be assigned the default group.

If the user has already been assigned a user group in Cheqroom, it will be overwritten.
If the Identity Provider returns a user group for the user, that group will be assigned to the user

Option 2: Cheqroom

When User Groups are managed through Cheqroom, the following logic is used:

New users	Existing users
First, new users must log in through SSO in order for you (the admins) to manage their User Groups. Newly created users will be assigned the selected User Group when they log in for the first time through SSO.	You can immediately manage their User Groups in Cheqroom

Remark: If you previously used the Identity Provider option, the user group claim will always be ignored.