3.5 Groups

Groups page manages user groups within the realm to simplify role and permission assignments. Using this page, you can create, organize, and assign users to groups with shared access settings

What Is a Group in Ztrust?

Group in ztrust a collection of users that can share common roles, attributes, and access controls. Rather than assigning roles to each user individually, you can assign them to a group and all users in that group will inherit them

Group role inheritance is dynamic: When you add/remove roles from a group, all users in that group are immediately affected.

A user can belong to multiple groups.

Fig 3.5.a: Groups Section

Under the Groups tab, users have the ability to create various groups to accommodate specific sets of users.

You can use the search box to find a specific user.

You also have the option to go for Exact Search.

Click the Refresh button to see the latest settings.

Fig 3.5.b: Choose how many groups you want to display on one screen

You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Fig 3.5.c: No groups in this realm

Create group

Click on the Create group option to generate a new group.

Fig 3.5.d: Create a new group

Choose any Name you like and form the group. For example - demo

Click on Create to establish the group, or click Cancel to abort the operation. Upon selecting Create, you will be directed to the screen below.

Fig 3.5.e: Group created

Fig 3.5.f: Edit options for group

After clicking on the three dots, the following options are visible:

• Rename - After selecting Rename, you will see the following prompt

Fig 3.5.g: Rename group

Enter the desired name for the group.

Click Rename to confirm the new name or Cancel to discard the change.

• Move to - After selecting Move to, the following prompt will appear:

Fig 3.5.h: Move group to Root

Choose the specific group where you want to move your group.

Fig 3.5.i: Click Move here to confirm

Then click Move here to confirm the action.

• Create child group - After selecting this option, the following prompt will appear:

Fig 3.5.j: Create child group

Enter any name according to your requirements. Click Create to create the child group, or click Cancel to discard.

Fig 3.5.k: Child group created

The new group will be created inside the previous group. For example, childgroup_demo2 will be created inside the rename_demo group.

• Delete - After selecting Delete, the following confirmation prompt will appear:

Fig 3.5.l: Confirmation to delete

Click Delete to remove the group, or click Cancel to abort the action.

Fig 3.5.j: Available groups

You can use the filter groups box to find a specific group.

Click the Refresh button to see the latest settings.

Fig 3.5.k: Choose how many groups you want to display on one screen

You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Fig 3.5.l: To delete multiple groups at once

To delete multiple groups at once, select each group by clicking the checkbox next to it. Then, click Delete.

A confirmation prompt will appear.

Fig 3.5.m: Confirmation to delete

Click Delete to confirm the deletion, or click Cancel to abort.

Fig 3.5.n: Child group

Child groups

Create group

To create a new child group, click on Create Group.

Fig 3.5.o: Creating new chaild group

Enter the desired name.

Click Create to make the group, or Cancel to discard.

Fig 3.5.p: Available child groups

You can use the filter groups box to find a specific group.

Click the Refresh button to see the latest settings.

Fig 3.5.q: Choose how many groups you want to display on one screen

You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Members

Fig 3.5.r: Users assigned to this group

After selecting Add member, you will be taken to the following screen.

Fig 3.5.s: List of users under same realm

Select the desired users by clicking the checkbox next to their names, then click Add.

Fig 3.5.t: Clicking the checkbox next to their names to add into group

You'll find the specific user within this group.

Fig 3.5.u: User added into group

Name

This is the name used by the user during creation.

It can also be used for logging into ZTrust.

Email

The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust.

First Name

The user's First Name or the First Name provided during registration.

Last Name

The Last Name provided by the user during registration, or the user's last name.

Membership

Fig 3.5.v: Option to remove the user

To remove the specific user from the group, simply click the Leave button.

Attributes

Fig 3.5.w: Group attributes tab

Within the Attributes section, you have the ability to define any variable you require for the entire Group.

Click on Add attributes.

Fig 3.5.x: Adding attribute to group

Just provide the Key, which is the variable you want to define, and then input its corresponding Value.

Click Add attribute to save the Key-Value pair.

To delete the Key-Value pair, click on the '-' symbol.

Click on Save to keep these alterations, and click on Revert to discard any changes made.

Role mapping

Fig 3.5.y: Group role mapping tab

Upon selecting the Assign role, you will be directed to the following screen.

Fig 3.5.z: Add role to group

You can use the search box to find a specific group.

Click the Refresh button to see the latest settings.

Fig 3.5.Aa: Choose how many groups you want to display on one screen

You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Fig 3.5.Ab: Add realm role to group

You can then select the checkbox for the specific role you want to assign to this group. Click on the checkbox to select the role, then click on Assign.

If you decide not to associate the selected roles, click on Cancel to discard the changes.

Fig 3.5.Ac: Filter tab to clients roles

You also have the option to filter roles based on the clients.

Fig 3.5.Ad: List of client roles

You can then select the checkbox for the specific role you want to assign to this group. Click on the checkbox to select the role, then click on Assign.

If you decide not to associate the selected roles, click on Cancel to discard the changes.

After clicking on Assign, you can see the below screen.

Fig 3.5.Ae: Role added to group

You can use the search box to find a specific role.

Click the Refresh button to see the latest settings.

Fig 3.5.Af: Choose how many roles you want to display on one screen

You can also choose how many roles you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Hide inherited roles

Selecting this checkbox hides inherited roles, preventing you from seeing roles inherited from composites. To view inherited roles, simply uncheck this option.

Name

It includes the list of all the different roles that are already defined in ZTrust.

Inherited

This pertains to roles explicitly assigned to users and those inherited from composite roles. It can have two values: True (indicating the role is inherited from composites) or False (indicating it is not inherited from any composite role).

Description

It refers to the description for the role which will aid you in identifying its purpose.

This field can be localized by specifying a substitution variable with ${var-name} strings.

Fig 3.5.Ag: Option to remove role to group

Upon clicking on the three dots, you will find the Unassign option.

When you click on Unassign, a confirmation prompt will appear.

Fig 3.5.Ah: Confirmation to remove

If you wish to unassign a specific role from this group, click on Remove. Otherwise, click Cancel.

Fig 3.5.Ai: To unassign multiple roles simultaneously

To unassign multiple roles simultaneously, first, select the specific roles by clicking on the checkboxes next to them. Then, click on Unassign.

Fig 3.5.Aj: Confirmation to remove

You'll receive a confirmation prompt similar to the one shown above. To unassign the roles, click on Remove. Otherwise, click on Cancel.