Introduction
Single Sign-On Identity (SSO.ID) is a centralized authentication mechanism that allows users to access multiple applications or services with a single set of login credentials. In the context of SSO.ID, group role management refers to the practice of assigning and managing user roles and permissions within the SSO system based on groups.
Purpose of group role management
- Access Control
- Efficiency
- Consistency
Access Control
SSO.ID provides Groups that allow for easier management of access control. Instead of individually assigning permissions to each user, administrators can assign permissions to groups. This simplifies the management process, especially in large organizations with numerous users and varying levels of access.
Efficiency
Group-based access control is more efficient than managing permissions on a per-user basis. When a new user joins an organization or when existing users' roles change, administrators can simply add or remove them from relevant groups rather than adjusting each user's permissions individually.
Consistency
Group-based access control promotes consistency in access permissions. Users within the same group typically have similar roles or responsibilities, ensuring that they have access to the same resources and applications required to perform their tasks effectively.
Create Group in(SSO.ID)
SSO.ID offers its users the ability to create groups easily for improved access control and product efficiency. In the group role management section, administrators can create a group, add multiple users to it, assign applications to these users, and designate group roles for the selected applications. To create a new group of users in SSO.ID you should click on “+" button the right top of corner.
When you click on the button for create new group, a dialogue will be open with some parameters. We are trying to brief shortly every parameter for better understanding.
Group Name
When creating a new group of users, you must select a unique and easily understandable name for your group. The group name is mandatory and must be provided. Duplicate group names are not permitted. Alphanumeric combinations are acceptable for this field.
Users
In the "USERS" tab, you can grant access to your selected applications to a specific group of users. Duplicate users are not permitted in the group. You can also assign roles to these allowed users of the group based on their behavior and role requirements. Once you have completed the selection of users in the new group, click on the "ASSIGN APPLICATION" button.
ASSIGN APPLICATION
In the "Assign Application" section, administrators can allocate one or multiple applications to the new group. These applications are automatically generated from Application pages created by clients. Admins have full access to assign any application to any group. Moreover, we offer a checkbox next to each application. Please mark the applications you want to grant access to, and the selected applications will be assigned to the new group.
ASSIGN ROLE
After assigning applications to the new group, the next step is to assign multiple roles within these selected applications. Each application has its own set of roles. Select the specific roles you wish to grant to this group of users. You can change the application in the list of applications. This list will display all the applications you selected during the application assignment process. When you change applications, the available roles will also change accordingly. If you need to add a new role in any application, you can do so in the role management section, which we will explain further. In the final step, after filling out the group name, assigning applications, and assigning roles, click the "Create" button. This will result in the successful creation of a new group of users.
Update Information
In the group management section, administrators can modify the basic information of any group. This includes updating their group name, assigning applications, updating application roles, and other related details.
GET groups endpoint
The "GET groups" API in a Single Sign-On Identity (SSO.ID) system typically allows you to retrieve a list of groups that are defined within the system. These groups often represent different roles, departments, or organizational units and are used for managing access control and permissions across the organization's resources.
GET: https://app.sso.id/groups
Headers URL encoded
Authorization: {{bearer Your_token}}