RSA Authentication Manager User Groups

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

Grouping users makes it easy to manage access to protected resources. A user group is a collection of users, other user groups, or both. Users and user groups that belong to a user group are called member users and member user groups.

User Group Organization

You can organize groups according to your organizational needs:

  • Geographic location. Groups can be created according to geography.

    • A city, state, or country

    • A region that includes several cities, states, or countries

  • Company divisions. Groups can be created according to functional areas in a company.

    • Department

    • Project

    • Job

  • Resources. Groups can be created according to particular resources.

    • Research and development files

    • Medical records

User Group Characteristics

User groups have the following characteristics:

  • Each user group is stored in an identity source, either an LDAP directory or the internal database.

  • Each user group is associated with a security domain.

  • A user group can contain multiple users and user groups.

    User groups stored in an external identity source can contain only users and user groups contained in that identity source.

  • A user group can include users and user groups that are managed in different security domains.

    For example, users in security domain A and users in security domain B can both be members of the same user group and thus access the same protected resources.

  • User group names must be unique within a single identity source.

    Authentication Managercan have two user groups with the same name if they are stored in two different identity sources.

  • Administrators can move user groups between security domains to transfer administrative responsibility for the group to a different administrator.

    For instructions,see Move User Groups Between Security Domains.

  • A user or user group can be a member of more than one user group.

  • You can add and remove a user from user group using the User Dashboard page.

    For instructions,see User Dashboard.

Creating User Groups

You can create user groups in the following ways:

To create a user group in the internal database, use the Security Console. For instructions, see Add a User Group and Add a User to a User Group.

To create a user group in an external identity source, use the LDAP directory native interface.

 

 

 

 


Attachments

    Outcomes