![Full Logo.png]](https://help.devicie.com/hs-fs/hubfs/Full%20Logo.png?height=30&name=Full%20Logo.png){kind=small}
Manage access to the Devicie Portal
This article provides instructions for Devicie customers on how to manage user access to the Devicie portal.
First-time onboarding? Read this after:
Create Devicie Intune Admin User
How Devicie access works
As part of your onboarding process, the Devicie solutions team will set your organisation up with access to the Devicie Portal.
Devicie uses a Microsoft first approach to access management, this provides you with full control over your environment. We do this using specific role based Microsoft Entra groups. This method allows you to manage access seamlessly and leverage Privileged Identity Management (PIM) features within Entra if necessary.
To manage someone's access to the Devicie Portal, you will simply need to add or remove them from the relevant Entra groups explained below. Anyone who is a member of these groups will be able to directly login via SSO using their existing Microsoft account.
Access Groups Overview
A standard setup for Devicie customers includes two access groups, each with distinct permission scopes.
- Dashboard Access
Default Group Name: Devicie-Portal-Viewers
Members of this group are granted permission to view dashboard report data in the Devicie portal. - Devicie Admin
Default Group Name: Devicie-Portal-Administrators
Members of this group can deploy and manage Devicie content within your organisation's tenant.
Important: Viewing dashboard data requires membership in the Devicie-Portal-Viewers group.
To simplify access management, we recommend nesting the Administrators group inside the Viewers group. This ensures that all administrators automatically inherit viewer permissions, while viewer-only users remain limited to dashboard access.
Why This Setup?
Although it may seem counterintuitive to nest the admin group inside the viewer group, this approach uses group inheritance to maintain correct permissions without requiring dual group membership. It ensures clarity, scalability, and consistency across tenants.
NOTE: Support pages within the portal can be accessed by users in your Microsoft tenant, regardless of membership in the groups above.
Manage User Access
As a customer, you can manage who gets access to the Devicie Portal by adding users to the appropriate Entra groups above. To do this, you will need to have one of the following roles:
- Global Administrator
- User Administrator
- Privileged Role Administrator
- Groups Administrator
Please note that you do not need to assign any Devicie applications to these users, membership of the group is sufficient to provide access.
Once someone has been added to the relevant group, they will be able to directly login via SSO using their existing Microsoft account.
NOTE: Please allow up to 30 minutes after adding a user to a group for access permission to take effect.
Additional controls
Customers who wish to provide additional control over access permissions are recommended to use Privileged Identity Management (PIM) in Microsoft Entra ID to manage how users within your organisation can request and gain membership in the groups.