Manage groups

Groups provide an easy mechanism for gathering a set of authorization roles and access scopes required by a group of users.

To manage groups, you must be able to access the Console App. Access to the Console App is managed by authorization roles and access scopes.

From the Console App, use the Groups menu to:
  • Add or delete a group.
  • Add roles and scopes to a group.
  • Remove roles and scopes from a group.

Groups are not Authorization Roles

The three default groups are Administrator, Supervisor, and User. The three default authorization roles are Role.Admin, Role.Supervisor, and Role.User. They are not the same thing!

A distinction must be made between groups, authorization roles, and access scopes:
  • Groups are a collection of authorization roles and access scopes. When a user becomes a member of a group, they inherit its authorization roles and its access scopes.
  • Authorization roles provide access to applications. An application has one or more authorization roles; members of the assigned authorization roles can access the application.
  • Access scopes provide permissions for access to resources of web services or applications.

You can assign authorization roles to groups. For example, the Administrator group has the Role.Admin role selected by default. It can, however, be deselected, or you can add the authorization roles Role.Supervisor and Role.User to the Administration group. In addition, the Administrator group can have access scopes selected.

Who can manage groups

To add, manage, or remove groups, you must have the Role.Admin authorization scope.

Add a group

To add a group, select Groups > New. Enter the group name and description and click Create.

Once the group is created, select which access scopes to give to the group. By default, the openid scope for the OpenID API is selected; this scope supports OpenID-Connect authentication. Select any additional scopes and click Save.

Manage a group

To manage a group, select Groups > Manage groups. Select the row of the group to manage and click Modify. The Group form opens to display the group name, description. Roles are organized under Authorization roles and scopes are organized under Access scopes.

You cannot alter the group name or description.

You can select or remove authorization roles and access scopes. Click Save to save your changes.

Remove a group

To remove a group, select Groups > Manage groups. Select the row of the group to remove and click Remove.