RICOH Spaces lets you reference your Microsoft Entra ID (Azure AD) groups inside the Groups area of the application — for example, to control who can book a particular row of desks or which colleagues appear in a roster. RICOH Spaces also supports its own system groups for cases where an Entra ID group is not appropriate. This guide shows how to manage both.
Manage your groups
Before RICOH Spaces can read your Entra ID groups, an M365 administrator needs to grant the GroupMember.Read.All application permission. The administrator can do this either as part of the standard tenant connection (covered in Connect Microsoft 365 Calendars), or directly via the following admin-consent URL — replacing {YOUR TENANT ID HERE} with your tenant ID:
https://login.microsoftonline.com/{YOUR TENANT ID HERE}/v2.0/adminconsent?response_type=token&scope=https://graph.microsoft.com/GroupMember.Read.All&client_id=5ec2cf9c-9db8-4189-a2d8-d241a089c709
For the full list of permissions RICOH Spaces requests and how to scope them, see Microsoft 365 Required Permissions.
Once consented, administrators (Group Admin, Location Admin, or Global Admin) can start syncing groups in RICOH Spaces.
Choosing what to sync
1. Navigate to Organisation Settings.
2. Head to the Groups section.
3. To start syncing AD Groups click on the 'Manage AD Groups' button at the top right. You will be presented with a dialog asking you to enter the group name and find the group. It is important to enter the start of the group name — this helps RICOH Spaces discover and present matching candidates.
4. All groups matching the search criteria will display, each with a toggle that determines whether the group is shown in Spaces.
5. Once a group is enabled to Show in Spaces, it can be used inside the application — for example, when assigning workspace access.
How RICOH Spaces handles group membership
RICOH Spaces only syncs the AD groups you have explicitly enabled in the Groups section. We read membership from Microsoft Graph at the moment it's needed (for example, to evaluate whether a user can book a workspace) rather than maintaining a full mirror of your group membership in our systems. This is what the GroupMember.Read.All application permission is used for.
Editing a group
1. To edit a group, click on Edit.
2. In the new dialog, edit the group or its members. Hit the corresponding button to save. You can also delete the group.
Uploading AD groups
If your organisation has many AD groups, you can upload a list of just the ones you intend to use in RICOH Spaces. This saves you having to search for each one individually.
1. Click on Upload AD Groups at the top right of your screen.
2. In the new dialog, select your CSV file or download the template.
3. Once uploaded, the new groups will be added to the list of AD groups available for syncing.