RSA Authentication Manager User Groups

Grouping users makes it easy to manage access to protected resources. A user group is a collection of users, other user groups, or both. Users and user groups that belong to a user group are called member users and member user groups.

User Group Organization

You can organize groups according to your organizational needs:

  • Geographic location. Groups can be created according to geography.

    • A city, state, or country

    • A region that includes several cities, states, or countries

  • Company divisions. Groups can be created according to functional areas in a company.

    • Department

    • Project

    • Job

  • Resources. Groups can be created according to particular resources.

    • Research and development files

    • Medical records

User Group Characteristics

User groups have the following characteristics:

  • Each user group is stored in an identity source, either an LDAP directory or the internal database.

  • Each user group is associated with a security domain.

  • A user group can contain multiple users and user groups.

    User groups stored in an external identity source can contain only users and user groups contained in that identity source.

  • A user group can include users and user groups that are managed in different security domains.

    For example, users in security domain A and users in security domain B can both be members of the same user group and thus access the same protected resources.

  • User group names must be unique within a single identity source.

    Authentication Managercan have two user groups with the same name if they are stored in two different identity sources.

  • Administrators can move user groups between security domains to transfer administrative responsibility for the group to a different administrator.

    For instructions,see Move User Groups Between Security Domains.

  • A user or user group can be a member of more than one user group.

  • You can add and remove a user from user group using the User Dashboard page.

    For instructions,see User Dashboard.

Creating User Groups

You can create user groups in the following ways:

To create a user group in the internal database, use the Security Console. For instructions, see Add a User Group and Add a User to a User Group.

To create a user group in an external identity source, use the LDAP directory native interface.