Words and Phrases
Manage Groups
Concepts
The Service Manager Service Portal Administrator can add groups to an organization to differentiate users and assign roles to users. After you define the groups within your organization, you can assign roles and permissions to the various groups of users.
There are three types of Service Manager Service Portal groups:
- LDAP Representation — members in this group are configured on an LDAP server, which is specified in an Authentication Configuration for the organization. After an LDAP Representation Group is created, members of the designated LDAP server can log in to Service Manager Service Portal.
-
Database Representation — members in this group are manually added from an LDAP server by the Administrator. This type of group is local to Service Manager Service Portal. To manually add members, an LDAP Representation group must have previously been created, which specifies the LDAP server.
Eligible LDAP users for a Database Representation group are:
- Members who have previously logged in to Service Manager Service Portal.
- Members who are direct reports to a manager who previously logged in to Service Manager Service Portal.
- Calculated Representation — members in this group are added from an LDAP server according to criteria specified by the Administrator. To add members, the Administrator specifies calculation criteria that a user must match, such as the user's manager, given name, or email address. Additionally, for users to be added to the group, combining criteria is specified so that a user has to either match one of the defined criteria or all of the criteria. This can be treated as a logical OR if you select "At least one criteria must match", or a logical AND if you select "All Criteria Must Match."
Tasks
The Administrator can perform these tasks in the Groups view:
- View Groups
- Add Group
- Edit Group
- Add User
- Add Role
- Remove Associated User
- Remove Associated Role
- Remove Group
View Groups
To view all of the groups in an organization:
- Click the Identity application in the Launchpad.
- In the Organization List view, click the organization that contains the groups you want to view.
- In the Organization Details view, click Groups.
The Groups view is displayed and all of the groups in the organization are listed.
Add Group
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.)
To add a group to an organization:
- In the Groups view, click Add Group.
- In the Add Group dialog, provide the following required information:
- Type a descriptive Group Name.
- In the Group Representation Type field, select either:
- LDAP Representation - for which you type the Distinguished Name and select the Authentication configuration.
- Database Representation - for which you manually add Associated Users to the group. Note, see Concepts for details of manually adding users to a Database Representation group.
- Calculated Representation - for which you first specify a Reference User, and then a set of User Profile Attributes is displayed. Next, you add attributes to the Calculation Criteria. Finally, to complete the criteria for the Calculated Representation group, you select the Combining Criteria — either all criteria must match or at least one criteria must match. Note, see Concepts for details of adding users to a Calculated Representation group.
Additionally, you can manually add Associated Roles to any of these group types.
- Click the Save button to finish and save your new group.
The new group is displayed in the Groups list.
At this point, no roles have been associated with the group. You need to associate roles with this group to grant the roles for the organization's users. See Manage Roles for details.
Note The first time you add a group and associate roles within the group, it is an integrated process. You first input information into the Groups view, then access the Roles view and associate roles with a group. Finally, you associate permissions with roles in the Permissions view.
Edit Group
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.)
To edit a group in an organization:
- In the Groups view, for the group you want to edit, click the edit
icon. - In the Edit Group Settings dialog, you can change:
- For LDAP Representation groups — the Group Name, Distinguished Name, and Authentication. Additionally, you can also add Associated Roles.
- For Database Representation groups — the Group Name. Additionally, you can also add Associated Users and Associated Roles.
- Click Save to finish and save your changes to the group.
Add User
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.) You can add associated users only to Database Representation groups.
To add an associated user to a group:
- In the Groups view, for the group you want to add a user, click the edit icon.
- In the Edit Group Settings view, click Add User (to the right of the Associated Users field).
- In theAdd User dialog, select the user you want to add to the group, and then click Save to finish.
The new user is listed under the Associated Users field.
Add Role
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.)
To add an associated role to a group:
- In the Groups view, for the group you want to add a role, click the edit icon.
- In the Edit Group Settings dialog, click Add Role (to the right of the Associated Roles field).
- In theAdd Role dialog, select the role you want to add to the group, and then click Save to finish.
The new role is listed under the Associated Roles field.
Remove Associated User
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.) You can remove associated users only from Database Representation groups
To remove an associated user from a group:
- In the Groups view, for the group you want to remove an associated user, click the edit icon.
- In the Edit Group Settings dialog, click the X to the right of the associated user to remove it from the group.
- Confirm deletion of the associated user from the group to finish.
The associated user is removed from the group.
Remove Associated Role
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.)
To remove an associated role from a group:
- In the Groups view, for the group you want to remove an associated role, click the edit icon.
- In the Edit Group Settings dialog, click the remove
icon to the right of the associated role. - Confirm deletion of the associated role from the group to finish.
The associated role is removed from the group.
Remove Group
Note This task assumes you are in the Groups view for the organization. (See View Groups for instructions.)
To remove a group from an organization.
- In the Groups view, for the group you want to remove, click the remove icon.
- In the Remove Group dialog, verify removal of the group.
The Service Manager Service Portal group is removed.
Related Topics
- Manage Organizations – Create, revise, and delete organizations.
- Manage Languages – Add, set as default, and delete languages within a Consumer organization.
- Manage Roles – Associate roles to groups and remove roles from groups.
- Manage Permissions – Associate groups and permissions to roles and remove groups and permissions from roles.
- Manage Impersonations – For request on behalf, create and delete impersonations.
- Service Manager Service Portal Automation License – Manage Service Manager Service Portal licensing.
