Managing Groups

This page explains how to manage groups.

Predefined Groups

The Delinea Platform has two predefined groups:

Types of Groups

The platform supports the following types of groups: global AD security groups, universal AD security groups, and user attributes/claims named groups. It does not support distribution lists. A distribution list, sometimes inaccurately called a distribution group, is used to send email to users specified on the list. But on any access control system, including the Delinea Platform, groups are used for access control. A distribution list cannot be used for access control because it cannot be listed in discretionary access control lists (DACLs). A distribution list has no index, so you can’t query it to determine if a user (trying to access something) is or is not on the list, rendering the distribution list useless for purposes of controlling access.
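In Active Directory, the difference between a security group and a distribution list is recorded in the group's groupType attribute, so an exported group list can be checked before groups are assigned on the platform. The following is an added example, not Delinea code: the function names are hypothetical, the group names and values are constructed sample data, and the bit values are the standard AD groupType flags.

```python
# Added example: decide from groupType whether an AD group is one of the
# kinds this page lists as supported (global or universal security groups).
GLOBAL = 0x00000002
DOMAIN_LOCAL = 0x00000004
UNIVERSAL = 0x00000008
SECURITY_ENABLED = 0x80000000  # clear on distribution lists

SUPPORTED_SCOPES = {"global", "universal"}  # scopes named on this page


def decode_group_type(raw):
    """Return (scope, is_security) for a groupType value.

    LDAP exports show groupType as a signed 32-bit integer
    (for example -2147483646), so mask to unsigned before testing bits.
    """
    value = int(raw) & 0xFFFFFFFF
    if value & UNIVERSAL:
        scope = "universal"
    elif value & GLOBAL:
        scope = "global"
    elif value & DOMAIN_LOCAL:
        scope = "domain local"
    else:
        scope = "unknown"
    return scope, bool(value & SECURITY_ENABLED)


def usable_for_access_control(raw):
    """True only for security-enabled groups with a scope the page lists."""
    scope, is_security = decode_group_type(raw)
    return is_security and scope in SUPPORTED_SCOPES


# Constructed sample export: (group name, groupType as exported)
SAMPLE_GROUPS = [
    ("PAM-Admins", "-2147483646"),      # global security group
    ("Vault-Auditors", "-2147483640"),  # universal security group
    ("File-Server-RW", "-2147483644"),  # domain local security group
    ("All-Staff-Mail", "8"),            # universal distribution list
    ("Team-News", "2"),                 # global distribution list
]

if __name__ == "__main__":
    for name, raw in SAMPLE_GROUPS:
        scope, is_security = decode_group_type(raw)
        kind = "security" if is_security else "distribution"
        verdict = "ok" if usable_for_access_control(raw) else "skip"
        print(f"{name:16} {scope:13} {kind:13} {verdict}")
```

Domain local security groups are reported as "skip" only because the page does not list them among the supported types.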

For more information on groups, roles, and permissions, see Understanding Roles and Permissions.

Adding a Group

  1. Click Access from the left navigation, then select Groups.

  2. Click Add Group.

  3. Click Save.

  4. On the Add group page, enter a group Name and Description.

  5. Click Save.

Adding Users to a Group

You can add several types of members to a group, including users, directory groups such as AD, and Delinea groups. To add a member to a group, follow these steps:

  1. Click Access from the left navigation menu, then select Groups.
  2. On the Groups page, click a group.

  3. On the specific group page, click the Members tab.

  4. Click Assign Members.

  5. On the Assign members page, search for and select each user you want to add, then click Add.

User Directory Service Configuration

  1. Click Settings from the left navigation, then select Directory services.

  2. Select the checkbox next to a directory service you want to use or remove. Actions available for a selected directory service vary:

    • Delinea and Federated directory are read only (no actions).
    • Active directory can only be moved (no remove).
    • Other directory types can be removed.

A dialog appears with options that include one or more of the following, depending on the type of directory or directories you selected: Clear Selected, Move Down, Move Up, or Remove Selected.

Additional Attributes

  1. On the Configuration page, click the Additional Attributes tab.

  2. Click Add Attributes.

  3. On the Add Attributes page, enter a name in the Name field. The name can contain only letters, numbers, and underscores. It must begin with a letter and contain at least one underscore.

  4. In the Type field, search for a type or click the dropdown arrow and pick one of the following:

    • Number
    • Number (Decimal)
    • Text
    • True/False
    • Date Time
  5. Click Save. A message appears: Your Attribute has been Added Successfully.

On the platform, user roles and their associated permissions are assigned to users through the users' memberships in platform groups, including platform groups mapped to federated groups (see Mapping Federated Groups). For more information on groups, roles, and permissions, see Understanding Roles and Permissions.
