Manage groups

Groups provide an easy mechanism for gathering a set of scopes required by a group of users.

To manage groups, you must be able to access the Console App. Access to the Console App is managed by authorization scopes; see Managing GIP components to learn more.

From the Console App, use the Groups menu to:
  • Add or delete a group.
  • Add scopes to a group.
  • Remove scopes from a group.

Groups are not Authorization Scopes

The three default groups are Administrator, Supervisor, and User. The three default authorization scopes are Role.Admin, Role.Supervisor, and Role.User. They are not the same thing!

A distinction must be made between groups and authorization scopes:
  • Groups are a collection of scopes. When a user becomes a member of a group, they inherit its scopes.
  • Authorization Scopes provide access to applications. An application has one or more authorization scopes; members of the assigned authorization scopes can access the application.

You can assign authorization scopes to groups. For example, the Administrator group has the Role.Admin scope selected by default. It can, however, be deselected, or you can add the authorization scopes Role.Supervisor and Role.User to the Administration group. In addition, the Administrator group can have scopes selected that are not authorization scopes.

Who can manage groups

To add, manage, or remove groups, you must have the Role.Admin authorization scope.

Add a group

To add a group, select Groups > New. Enter the group name and description and click Create.

Once the group is created, select which scopes to give to the group. By default, the openid scope for the OpenID API is selected; this scope is necessary in order for the group to support OpenID-Connect authentication. Select any additional scopes and click Save.

Manage a group

To manage a group, select Groups > Manage groups. Select the row of the group to manage and click Modify. The Group form opens to display the group name, description and scope selections.

You cannot alter the group name or description.

You can select or remove scopes. Click Save to save your changes.

Remove a group

To remove a group, select Groups > Manage groups. Select the row of the group to remove and click Remove.