Grouping users makes it easy to manage access to protected resources. A user group is a collection of users, other user groups, or both. Users and user groups that belong to a user group are called member users and member user groups.
User Group Organization
You can organize groups according to your organizational needs:
-
Geographic location. Groups can be created according to geography.
-
A city, state, or country
-
A region that includes several cities, states, or countries
-
-
Company divisions. Groups can be created according to functional areas in a company.
-
Department
-
Project
-
Job
-
-
Resources. Groups can be created according to particular resources.
-
Research and development files
-
Medical records
-
User Group Characteristics
User groups have the following characteristics:
-
Each user group is stored in an identity source, either an LDAP directory or the internal database.
-
Each user group is associated with a security domain.
-
A user group can contain multiple users and user groups.
User groups stored in an external identity source can contain only users and user groups contained in that identity source.
-
A user group can include users and user groups that are managed in different security domains.
For example, users in security domain A and users in security domain B can both be members of the same user group and thus access the same protected resources.
-
User group names must be unique within a single identity source.
Authentication Managercan have two user groups with the same name if they are stored in two different identity sources.
-
Administrators can move user groups between security domains to transfer administrative responsibility for the group to a different administrator.
For instructions,see Move User Groups Between Security Domains.
-
A user or user group can be a member of more than one user group.
-
You can add and remove a user from user group using the User Dashboard page.
For instructions,see User Dashboard.
Creating User Groups
You can create user groups in the following ways:
To create a user group in the internal database, use the Security Console. For instructions, see Add a User Group and Add a User to a User Group.
To create a user group in an external identity source, use the LDAP directory native interface.