Assigning group membership

Assign users and groups to a group to efficiently manage their application access.

Before you begin

You can assign multiple users and groups to a group in a single operation.

If the group membership is no longer applicable for the user or group, you can remove the user or group from the group.

Note:

Nested groups are also supported and managed through the APIs.
The user interface (UI) can process operations for up to 10K users. If you need to perform an operation on more than 10K members in a group, use the PATCH operation in the Group Membership API. See https://webui-devenv.ite1.idng.ibmcloudsecurity.com/developer/explorer/.

Select Directory > Users & groups.
Select the Groups tab to assign one or more users or groups to the group.
Navigate to the Add Group or Edit Group dialog box, whichever is applicable.
Select Add to open the Group Members dialog box.
1. Use the Search field for a filtered list of data.
  
  Note: If you are adding users or groups to an admin or application owners group, you can search for federated users. Otherwise, only cloud directory users and groups can be searched.
2. Select the user or group from the Search results list and Select.
  
  Alternatively, double-click the user from the list.
3. Optional: If you added users or groups by mistake, select the user or group from the Selected users & groups list and select Remove.
4. Optional: If the target user is not in the returned search results, select Add new user. Use this option to create a cloud directory user or a federated user who was not yet authenticated to Verify See Creating a user.
  
  Note: When you select Save in the Add User dialog box, the user is created and can be viewed or updated from Users & Groups.
5. When you are finished adding users, select Done to assign the users to the group.
  
  Note: If you added a user or group, but choose to Cancel, the user or group is not added to the group.
Optional: To remove a group member from the Add Group or Edit Group dialog box, select the user, and select Remove.

Select Done.

The Group Members list is updated. The following information is displayed when available:

Table 1. Display information
Information	Descriptions
Name	Given name and surname of the user. Note: For federated users, this information is optional.
Email	Email address of the user where notifications are sent such as the user's new password after a reset request, or the one-time password. Note: For federated users, this information is optional.
Username	Unique identifier for logging in to Verify. It can be the same as the email address of the user. Note: For federated users, the username is concatenated with an @ followed by the realm that is associated with the identity provider from which the user information is retrieved. For example, `johnsmith@example.com@ADFS` where `johnsmith@example.com` is the user's registered user name and `ADFS` is the user's realm.