Add AuthPoint Groups

Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security

In AuthPoint, groups are how you define which resources your users have access to and which Corporate Credentials are shared with them. You add users to groups in AuthPoint, then you add the groups to the authentication policies that specify which resources users can authenticate to.

You must add at least one group before you can add authentication policies or add users to AuthPoint.

There are two ways to add AuthPoint groups:

  • Add local AuthPoint groups
  • Sync groups from an external user database

Add Local AuthPoint Groups

To add a group to AuthPoint, in the AuthPoint management UI:

  1. From the navigation menu, select Groups.
  2. Click Add Group.

Screen shot that shows the Groups page.

  3. In the New Group section, in the Name text box, type a descriptive name for the group.
  4. (Optional) In the Description text box, type a description of the group.

Screen shot that shows the New Group page.

  5. Click Save.
    Your group is listed on the Groups page.

Screen shot that shows the Groups page with a new group added.

Sync Groups from an External User Database

To sync external groups from Active Directory or Azure Active Directory, you must add an external identity in the AuthPoint management UI and configure a group sync with the Create new synchronized groups option enabled. With this option enabled, when AuthPoint syncs with your external identity, the sync creates new groups in AuthPoint based on the Active Directory or Azure Active Directory groups that you sync users from. External users sync to the new groups based on group membership in Azure Active Directory, in addition to the AuthPoint group specified in the group sync.

If you change the name of a synced group in Active Directory or Azure Active Directory, the synced group in AuthPoint will automatically update to match. You cannot edit the synced groups in AuthPoint.

If you delete a group in Active Directory or Azure Active Directory, or if you delete the group sync, the synced group is not deleted in AuthPoint. You must manually delete the synced group in AuthPoint.

The option to create new synchronized groups in AuthPoint does not include Active Directory and Azure Active Directory groups that are not specified in the group sync. If a synced user is a member of an Active Directory or Azure Active Directory group that is not specified in the group sync, that external group will not be created in AuthPoint.

To learn how to create an external identity and configure a group sync, go to Sync Users from Active Directory or LDAP and Sync Users from Azure Active Directory.

Related Topics

Add User Accounts

Sync Users from Active Directory or LDAP

Sync Users from Azure Active Directory

About AuthPoint Authentication Policies