Documentation

Mistake on this page? Email us

Groups

Groups are a way of managing multiple users and API keys that belong to the same team but need different access permissions as part of secure device access (SDA). Access policies control a group's access permissions, and the group can include keys, users or both.

Users and keys can belong to multiple groups. If a user or key belongs to more than one group, they have the combined permissions of all those groups.

Notes:

  • This page is about user and API key groups. For device groups, see the Device directory chapter's Device groups section.
  • The Groups page shows the default Developers and Administrators groups that control access to Portal and the services. However, these groups are not part of the SDA feature, and you are not expected to manage them.
  • You can perform all access management actions with the Account Management API.

Creating a new group

To create a new group:

  1. In Access Management > Groups, click New Group.

    The Create new group pop-up opens.

  2. Enter a group name.

  3. Click Create new group.

    You are asked to enter your password.

  4. The group is added to the table.

At this point, it has no users or keys and is not associated with an access policy. It has Developer permissions by default.

Managing an existing group

To manage an existing group:

  1. In Access Management > Groups, click the group's name on the list.

    The User groups pane opens.

  2. The pane has four tabs:

    • Summary: basic group information. Not editable.
    • Users: list of current group users. Available actions: add and remove users. See below.
    • API keys: list of current group API keys. Available actions: add and remove keys. See below.
    • Attributes: full group information as returned by the API. Not editable.

Adding users to an existing group

To add users to a selected group:

  1. In the Users tab, click Add users to group.

    The Select users page opens with a list of all the users in your team, even those who belong to other groups.

  2. You can search for a user by email or browse the list.

  3. Select one or more users.

  4. Click Add users to group.

    You are asked to enter your password.

  5. You are returned to the User group page.

The users are now listed in the Users tab.

Adding API keys to an existing group

You can add a key to as many groups as you need to. The key has the combined permissions of all those groups.

To add API keys to a selected group:

  1. In the API keys tab, click Add keys to group.

    The Select keys page opens with a list of all the keys in your team, even those who belong to other groups (because keys can belong to more than one group at a time).

  2. Select one or more keys.

  3. Click Add keys to group.

    You are asked to enter your password.

  4. You are returned to the User group page.

The keys are now listed in the API keys tab.

Deleting an existing group

Because users and API keys can belong to multiple groups and have the combined permissions of all of those groups, they can build up permissions over time in a way that may be hard to manage. It is therefore a good idea to delete any group you no longer need. This revokes the group’s permissions from its users and keys.

Deleting a group is an irrevocable action. If you decide you want the group again, you have to manually create it and associate users, keys and access policies with it.

Deleting a group doesn't delete users, API keys or access policies associated with the group.

To delete a group:

  1. In Access Management > Groups, check the group's name from the list. You can select more than one group at a time.

  2. Click Actions > Delete group.

    You are shown the list of selected groups and asked to confirm deletion.

  3. If you confirm deletion, you are asked to enter your password.

  4. The group is deleted.

Assigning an access policy to a group

See the Access Policies page.