Directory Groups

4 minutes to read

Groups let you assign the same access permissions to multiple users at once. Instead of configuring access for each user individually, you can place users into a group and grant that group access to specific Flex applications or app connections. For example, you can create a Sales group and give all Sales users the same access level. A single group can be assigned to multipleroles across different Flex apps and app connections. There are two types of groups that you can configure: static and dynamic.

Static groups are groups where members are added and removed manually. You explicitly choose which users belong to the group, and membership remains unchanged until you update it. Static groups are useful when group membership does not change often or needs to be tightly controlled.

Dynamic groups automatically manage membership based on user data stored in custom directory fields. Instead of manually adding users, you define criteria using a view, and any user who meets that criteria becomes a group member. For example, an organization might use a custom user field called Department with available values such as Sales, Marketing, or Administration. When a user is created, the administrator assigns the appropriate department value. A view can then filter users by department, and that view is used to create a dynamic group. As user data changes, group membership updates automatically, ensuring permissions stay in sync without manual intervention.

Creating Groups

To manage access permissions for multiple users, create a group and add users to it.

Steps:

In your directory, click the Groups tab.
Click the Create group button.
Enter the group name.

Decide if you want to create a static or dynamic group:

IF…	THEN…
If you want to create a static group…	Click Create. Assign users to the group by clicking Add users, selecting users, and clicking Add.
If you want to create a dynamic group…	From the Type dropdown, select Dynamic. From the View dropdown, select the view that you want the group to be based on. Click Create. Note: To be used in a dynamic group, a view must contain the current directory table and include its UserGUID field.

Managing User's App Access

Groups offer you an interface where you can directly manage the users’ access to Flex applications.

Steps:

In a group, click Manage access.
In the right panel that opens, select the Flex application where you want to modify access.
In the list of roles in the app, do one of the following:
- Select checkboxes to add roles for users in this group.
- Clear checkboxes to remove roles as required.
Repeat for all apps where you want to manage access.
Click Save.

Modifying Groups

As a directory administrator, you can rename a group, add new users, or delete existing ones.

Renaming groups:

In your directory, click the Groups tab.
Hover over a group and select More → Rename.
Enter a new name for a group.
Click Rename.

Adding users to groups:

You can add users to a group if you want them to gain the same access permissions as other users in that group.

In your directory, click the Groups tab.
Hover over a group and select Open.
Click the Add users button.
In the Add users to group panel, select new users you want to add to a group.
Click Add.

Removing users from groups:

You can remove users from a group whenever they stop being entitled to the same access permissions. For example, an employee switching departments within your company does not need to be deleted as a user, but they might lose the permissions required for their former department.

In your directory, click the Groups tab.
Hover over a group and select Open.
Select the users you want to delete.
Click the Remove from group button.
Click Remove to confirm deletion.

Deleting Groups

You can also delete an entire group instead of removing users individually. Deleting a group does not delete the users in it.

Steps:

In your directory, click the Groups tab.
Hover over a group and select More → Delete.
Type DELETE to confirm.
Click Delete.