An Administrator manages or creates new groups and edits existing groups.

There are two reasons for using groups:

1. Groups can simplify assignment of applications and roles. Bulk application role assignments can be achieved by adding users to groups and then assigning applications and roles to the groups. With the use of SSO this can be further streamlined if group memberships are sourced from a remote identity management system.

2. Applications can leverage groups for categorizing users as per their own custom requirements. Administrators should work with application developers to ensure that groups are properly configured and populated.

Groups

Create groups

Click CREATE A NEW GROUP > to open a dialog box.

Add Group

Description of fields:

Fields
Descriptions
Name*
Enter the name. Group name contains alphanumeric characters and hyphens. They are not case sensitive.
External ID*
Enter the external ID. This is used for mapping an externally sourced group (perhaps from Microsoft Azure AD) to an Appivo Group.
Description
Optional.

*required

Click OK

Manage groups

An administrator can use groups to grant app permissions to groups of users. In the Appivo Platform, one can define group policies for groups which grant access to company’s applications.

Add User

From Manage your groups click > on the group in which the administrator wants to add a new user. A new dialog box opens.

The administrator selects users from the list to add to the group. Select the user to be added to the group, click > Add Selected User.

Add Role

From Manage your groups click > Roles > Assign Role. A new dialog box opens.

Description of fields:

Field
Description
Select Application
Select an application from the list of available applications.

Select Role
Select an application role to assign to the group of users.

Click OK

Add Child

From Manage your groups click > Add Child. A new dialog box opens.

Description of fields:

Fields
Description

Name*
Enter the name. Name contains alphanumeric characters. They are case sensitive.
Parent Group
By default, the parent group is selected.
External ID
Enter the External ID.
Description
Optional.

*required

Group mappings

When using Single Sign On (SSO) it is desired to source application- and application role assignments directly from the external identity provider. This can be accomplished using group mappings. Group mapping means that groups defined in the external identity provider can be correlated with groups in Appivo, this is done by adding the id of the external group to the Appivo group. Application role assignments can then be made directly to the Appivo group and when a user logs on he will automatically be assigned any application roles associated with the mapped group(s) that he/she belongs to.

✰Note: Group mappings are currently only supported when using Azure AD as an identity provider.