Help Center/ OneAccess/ User Guide/ Enterprise Administrator Guide/ User Management/ Managing Dynamic User Groups
Updated on 2024-12-30 GMT+08:00
View PDF
Share

Managing Dynamic User Groups

On the OneAccess administrator portal, you can create dynamic user groups and automatically add users to user groups based on member rules (member matching scope, matching rule, calculation rule, and blacklist and whitelist). In addition, you can add, edit, and delete dynamic user groups as required. For details about dynamic user group-based authorization, see Configuring Authorization Policies for Application Accounts.

Adding a Dynamic User Group

  1. Log in to the administrator portal.
  2. On the top navigation bar, choose Users > Organizations and Users.
  3. On the Organizations and Users page, click the User Groups tab.
  4. Click Create Dynamic Group.
  5. In the Create Dynamic Group dialog box, select an organization, enter a user group name and description, and select an application scenario.
  6. Click Next and enter a dynamic user group member rule.

    1. Member matching range: Click Select to select an organization. You can select Include sub-organizations, Exclude sub-organizations, or Include sub-organizations but exclude some organizations to limit the member matching scope.
      • If you select Exclude sub-organizations, the system searches for only the members that meet the filtering rules among the immediate members of the selected department.
      • If you select Include sub-organizations but exclude some organizations, you need to set the lower-level organizations to be excluded.
    2. Matching rules: Select an attribute, select restriction conditions, and enter values to restrict the attributes of a user. The restrictions include greater than, less than, equal to, not equal to, and including. You can click Add Rules to add multiple matching rules.
    3. Algorithm rules: define the relationship between multiple rules added in 6.b. The default relationship is AND. You can adjust the relationship as required.
    4. Select a user and add it to the blacklist or whitelist.

  7. Click OK.

Viewing Details About a Dynamic User Group

In the user group list, click the name of a dynamic user group to view its details, including the user group information, matched members, authorized applications, and audit logs.

  • Details: You can view the basic information (name, organization, description, and application scenario) and member rules (member matching range, matching rule, calculation rule, and blacklist and whitelist) of a dynamic user group.
  • Members: You can view the information about the matched members in the dynamic user group, such as the username, mobile number, and email address.

    Click Member Count in the upper right corner of the user group member list to automatically add users who meet the member rule to the dynamic user group.

  • Applications that the user group has been authorized to access, including the logo and application name.

    If you click Delete in the Operation column of the row that contains an application, the user group will be automatically deleted from the account authorization policy of the application. Then, member addition and deletion for the user group will be automatically synced to the application.

  • Audit logs: You can view the operations performed by the administrator on the user group, such as adding members and calculations. You can filter data by time, administrator username, or name.

Modifying Dynamic User Group Information

  1. In the user group list, click Modify in the Operation column of the dynamic user group to be modified.
  2. In the Modify User Group dialog box, modify the name, description and application scenario of the user group. The organization to which the user group belongs cannot be changed.
  3. Click OK. The dynamic user group is modified.

Editing Member Rule

You can modify a member rule to add members of different organizations to the same user group for unified management and authorization. For details about user group-based authorization, see Configuring Authorization Policies for Application Accounts.

  1. In the user group list, click Member rules in the Operation column on the right of the dynamic user group.
  2. On the page for modifying a member rule, select the member matching range, enter the matching rule, select the blacklist and whitelist users, and click Submit Calculation. The member rule is modified.

Deleting a Dynamic User Group

In the user group list, click Delete in the Operation column on the right of the dynamic user group and click OK to delete the dynamic user group. Deleting a dynamic user group will not delete the users, but will affect their application permissions. For details about user-based authorization, see Configuring Authorization Policies for Application Accounts.

A dynamic user group associated with an application cannot be deleted.

Parent topic: User Management