Creating a group

Before you begin

Attention: If Create Group does not appear, it means the Active Directory / LDAP or an OpenID Connect (OIDC) provider is not configured properly (see Configuring active directory / LDAP or Configuring OpenID Connect).

Procedure

  1. Log in to the Manager Web Interface.
  2. Click the Security tab in the main menu.
  3. Click Create Group from the Accounts and Groups heading to display the Create New Group page.
  4. Select the method by which this group is authenticated.
    • If this group is authenticated against an external directory service, click the Active Directory or LDAP radio button and enter the distinguished name for the group in the Distinguished Name field..
    • If this group is authenticated against an OIDC provider, click the OIDC radio button and enter the expected claim value for the group in OIDC provider in the Claim Value field.
      Note: The claim value is typically a group name configured in the OIDC provider. See your OIDC provider documentation for details on how groups are managed.
  5. Enter the alias for the new group in the Alias field.
  6. Check the check boxes in the Assign Role column that correspond to the role you want to assign to the user.
    Check the check box in the Read Only column to grant read-only permissions.
    Note: See Roles for specifics on what capabilities each role possesses.
  7. Perform the following steps under the Vault Access heading to grant the group permissions on standard vaults and management vaults (access to containers is managed via Service API or Cloud Object Storage requests).
    1. Check the check boxes to the left of each Vault for the groups that you want to grant access.
      Note: Click Select All to select all Vaults.
    2. To grant the group owner permission for the selected Vaults, click Move to Owner.
    3. To grant the group read-only permission for the selected Vaults, click Move to Read-Only.
    4. To grant the group read and write permission for the selected Vaults, click Move to Read/Write.
    5. To change which permissions are granted, click the appropriate tab to find the wanted Vault, then repeat these few steps to give the group the correct permission for the Vault.
  8. Click Save from either of the taskbars.