Groups
Groups are a way of managing multiple users and applications that belong to the same team but need different access permissions as part of secure device access (SDA). Access policies control a group's access permissions, and the group can include applications, users or both.
Users and applications can belong to multiple groups. If a user or application belongs to more than one group, they have the combined permissions of all those groups.
Notes:
- This page is about user and application groups. For device groups, see the Device directory chapter's Device groups section.
- The Groups page shows the default Developers and Administrators groups that control access to Portal and the services. However, these groups are not part of the SDA feature, and you are not expected to manage them.
- You can perform all access management actions with the Account Management API.
Creating a new group
To create a new group:
- In Access Management > Groups, click New Group. The Create new group pop-up opens.
- Enter a group name.
- Click Create new group. You are asked to enter your password.
- The group is added to the table.
At this point, it has no users or applications and is not associated with an access policy. It has Developer permissions by default.
Managing an existing group
To manage an existing group:
- In Access Management > Groups, click the group's name on the list. The User groups pane opens.
- The pane has five tabs:
  - Summary: basic group information. Not editable.
  - Users: list of current group users. Available actions: add and remove users. See below.
  - Applications: list of current group applications. Available actions: add and remove applications. See below.
  - API keys: list of current group API keys. Available actions: add and remove keys. See below.
  - Attributes: full group information as returned by the API. Not editable.
Adding users to an existing group
To add users to a selected group:
- In the Users tab, click Add users to group. The Select users page opens with a list of all the users in your team, even those who belong to other groups.
- You can search for a user by email or browse the list.
- Select one or more users.
- Click Add users to group. You are asked to enter your password.
- You are returned to the User group page.
The users are now listed in the Users tab.
Adding applications to an existing group
You can add an application to as many groups as you need to. The application has the combined permissions of all those groups.
To add applications to a selected group:
- In the Applications tab, click Add application to group. The Select applications page opens with a list of all the applications in your team, even those that belong to other groups (because applications can belong to more than one group at a time).
- Select one or more applications.
- Click Add applications to group. You are asked to enter your password.
- You are returned to the User group page.
The applications are now listed in the Applications tab.
Deleting an existing group
Because users and applications can belong to multiple groups and have the combined permissions of all of those groups, they can build up permissions over time in a way that may be hard to manage. It is therefore a good idea to delete any group you no longer need. This revokes the group’s permissions from its users and applications.
Deleting a group is an irrevocable action. If you decide you want the group again, you have to manually create it and associate users, applications and access policies with it.
Deleting a group doesn't delete users, applications or access policies associated with the group.
To delete a group:
- In Access Management > Groups, check the group's name from the list. You can select more than one group at a time.
- Click Actions > Delete group. You are shown the list of selected groups and asked to confirm deletion.
- If you confirm deletion, you are asked to enter your password.
- The group is deleted.
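An added example, not part of the original documentation or the product's own code: a small audit over a constructed export of group memberships that shows how combined permissions accumulate and what deleting a group would actually revoke. It assumes permissions combine as a plain union across groups; the group names, members and permission labels are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: group names, members and permission labels are
# hypothetical placeholders, not values from the product or its API.
GROUPS = {
    "field-technicians": {"members": {"user:alice@example.com", "app:diag-tool"},
                          "permissions": {"device:read-logs", "device:reboot"}},
    "firmware-team": {"members": {"user:alice@example.com", "user:bob@example.com"},
                      "permissions": {"device:reboot", "device:flash-firmware"}},
    "pilot-2019": {"members": set(), "permissions": {"device:factory-reset"}},
}

def effective_permissions(groups):
    """Union of permissions over every group a principal belongs to."""
    effective = defaultdict(set)
    for group in groups.values():
        for member in group["members"]:
            effective[member] |= group["permissions"]
    return dict(effective)

def deletion_impact(groups, name):
    """Permissions each member would actually lose if group `name` were deleted.
    A permission still granted through another group is not reported as lost."""
    remaining = {n: g for n, g in groups.items() if n != name}
    after = effective_permissions(remaining)
    return {m: groups[name]["permissions"] - after.get(m, set())
            for m in groups[name]["members"]}

def empty_groups(groups):
    """Groups with no users or applications: candidates for deletion."""
    return sorted(n for n, g in groups.items() if not g["members"])

def multi_group_members(groups):
    """Principals in more than one group, where permissions accumulate."""
    seen = defaultdict(list)
    for name, group in groups.items():
        for member in group["members"]:
            seen[member].append(name)
    return {m: sorted(g) for m, g in seen.items() if len(g) > 1}

if __name__ == "__main__":
    for member, names in multi_group_members(GROUPS).items():
        print(member, "is in", names, "->", sorted(effective_permissions(GROUPS)[member]))
    print("empty groups:", empty_groups(GROUPS))
    for member, lost in deletion_impact(GROUPS, "field-technicians").items():
        print("deleting field-technicians:", member, "loses", sorted(lost))
```

Running the impact check before deleting a group shows which members keep a permission through another group and which lose it outright.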