In AuthPoint, groups are how you define which resources your users have access to and which Corporate Credentials are shared with them. You add users to groups in AuthPoint, then you add the groups to the authentication policies that specify which resources users can authenticate to.
You must add at least one group before you can add authentication policies or add users to AuthPoint.
There are two ways to add AuthPoint groups:
- Add local AuthPoint groups
- Sync groups from an external user database
Add Local AuthPoint Groups
To add a group to AuthPoint, in the AuthPoint management UI:
- From the navigation menu, select Groups.
- Click Add Group.
- In the New Group section, in the Name text box, type a descriptive name for the group.
- (Optional) In the Description text box, type a description of the group.
- Click Save.
Your group is listed on the Groups page.
Sync Groups from an External User Database
To sync external groups from Active Directory or Azure Active Directory, you must add an external identity in the AuthPoint management UI and configure a group sync with the Create new synchronized groups option enabled. With this option enabled, each time AuthPoint syncs with your external identity, the sync creates new groups in AuthPoint based on the Active Directory or Azure Active Directory groups that you sync users from. External users sync to the new groups based on group membership in Azure Active Directory, in addition to the AuthPoint group specified in the group sync.
If you change the name of a synced group in Active Directory or Azure Active Directory, the synced group in AuthPoint automatically updates to match. You cannot edit synced groups in AuthPoint.
If you delete a group in Active Directory or Azure Active Directory, or if you delete the group sync, the synced group is not deleted in AuthPoint. You must manually delete the synced group in AuthPoint.
The option to create new synchronized groups in AuthPoint does not include Active Directory and Azure Active Directory groups that are not specified in the group sync. If a synced user is a member of an Active Directory or Azure Active Directory group that is not specified in the group sync, that external group will not be created in AuthPoint.