Managing Groups
Groups are the pool of users who can access TIBCO Control Plane resources and capabilities based on permissions they have received. As a best practice, you must manage the groups in your identity provider and assign permissions to them from TIBCO Control Plane.
Assigning permissions to groups is only possible if an external identity provider that supports groups has been configured. TIBCO Support team will configure the IdP connection based on communication with you.
Assigning Permissions to Groups
- The IdP manager must have configured Single Sign-on.
- Groups from IdP are added in TIBCO Control Plane by TIBCO Support team. This is applicable to TIBCO Operated Control Plane environment.
- Procedure
-
Go to User Management > Groups. Click Assign Permissions.
-
Select the group name and group value configured in your identity provider and click Next. Group value is text field and case sensitive. You can add multiple groups by using the Add new button. If multiple groups are added, the permission is assigned using the OR operation for users in multiple groups.
The external IdP has a small set of group names. For example: Location, Manager Name, Cost Center, Business Group etc. Users have different values depending on their membership. Multi-valued attributes such as
memberOf
are also supported.While assigning permission, you select group name from the drop down and the corresponding value. For example, you can select group name as Location and value as New York, so that employees from New York gets assigned the permission. If you add one more group as Manager and value as John. Then employees with location as New York or Manager as John gets assigned the permission.
-
For more information about assigning permissions, see Managing Users.
Viewing Group Details
On the Groups page, click the group name to view group details and assigned permissions. To update permissions, click the vertical ellipsis icon next to the group and click Update permissions. If you have assigned any permission to group then only the group is listed in this Groups list.