Managing groups
A group is a logical collection of users who can perform the same activities or who have the same authority to access resources. Use groups to manage and control application access for multiple users. When you create an application instance, you can assign which groups are entitled to access the application.
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM® Security Verify administration console as an Administrator.
About this task
Verify includes an admin group by default, whose members can perform Verify administrative tasks, such as:
- Creating, editing, and deleting users and groups.
- Configuring single sign-on for applications.
Verify provides the following reserved groups. A reserved group cannot be modified or deleted. Only the membership can be changed.
Verify also includes an application owners group for users who are assigned as application owners. Members of this group can access Entitlements. If they own applications, they can assign the users or groups that can access their applications.
Verify also includes a helpdesk group. Members in this group can select Switch to admin to access the administration console. They can view information about applications, governance operations, users and groups, reports, security, and configuration. They can reset passwords, update user information, manage user multi-factor authentication settings, delete linked identities, and run reports.
Verify also includes a readonly group. Members in this group can select Switch to admin to access the administration console. They can view information about applications, governance operations, users and groups, reports and configuration. They cannot modify any information. However, they can run reports.
Verify also includes a developer group. If the IBM Security Verify Developer Portal application is installed, members in this group are entitled to access the Developer Portal where they can use the Verify APIs to develop new applications.
Verify also includes a privacy officer group for users who are assigned as privacy officers. Members in this group can select Switch to admin to access the administration console. They can create purposes, End User License Agreements (EULAs), and privacy policies. They can also view consent activity reports and read entitlements.
You can create additional, customized groups based on the users' department, role, or other characteristics. Users can belong to one or more groups. However, it is not mandatory for a user to belong to a group.
A group profile must exist before you can add users as members to it.
To entitle groups from your SAML enterprise identity source, you must create shadow groups in the cloud directory and use the same names as the groups in your SAML enterprise identity source. The shadow groups need not be populated with any members. The shadow group serves as a placeholder that represents the SAML enterprise group.
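A check for the shadow-group naming requirement above, as an added example that is not IBM's code: it extracts group names from a constructed SAML assertion and compares them with a constructed list of cloud directory group names. The attribute name `groups`, the function names, and treating "same names" as an exact string match are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; the attribute name "groups" is an assumption.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>HR-Managers</saml:AttributeValue>
      <saml:AttributeValue>Engineering</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""
# Constructed cloud directory group names (for example, from an export).
CLOUD_GROUPS = ["Finance", "hr-managers ", "helpdesk"]


def enterprise_groups(assertion_xml, attr_name="groups"):
    """Return the values of the SAML attribute assumed to carry group names."""
    root = ET.fromstring(assertion_xml)
    return [v.text or ""
            for a in root.iterfind(".//saml:Attribute", SAML_NS)
            if a.get("Name") == attr_name
            for v in a.iterfind("saml:AttributeValue", SAML_NS)]


def check_shadow_groups(saml_groups, cloud_groups):
    """Sort enterprise group names into matched, near_miss and missing."""
    exact = set(cloud_groups)
    folded = {g.strip().casefold(): g for g in cloud_groups}
    report = {"matched": [], "near_miss": [], "missing": []}
    for name in saml_groups:
        key = name.strip().casefold()
        if name in exact:
            report["matched"].append(name)
        elif key in folded:
            # Differs only by case or surrounding whitespace: likely a typo.
            report["near_miss"].append((name, folded[key]))
        else:
            report["missing"].append(name)
    return report


if __name__ == "__main__":
    print(check_shadow_groups(enterprise_groups(SAMPLE_ASSERTION), CLOUD_GROUPS))
```

Names under `near_miss` and `missing` are the enterprise groups that have no identically named shadow group yet. The sample assertion here is constructed; parse real, untrusted assertions only with a hardened XML parser and after signature validation.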