Groups Management
Groups provide a structured way to organize users within the organization. Instead of managing access at an individual level, administrators can group users based on roles, departments, or responsibilities and apply policies collectively.
This approach simplifies access control, improves scalability, and ensures consistent policy enforcement across users with similar access requirements.
Groups Overview
The Groups page provides a high-level summary of all configured teams within the organization.
Total Groups: Represents the total number of groups created. Helps track how users are segmented across the organization.
Number of Members per Group: Displays the number of users assigned to each group.
Provides visibility into group size and distribution.Creation Timestamp: Indicates when the group was created.
Useful for auditing and tracking administrative activity.Group Description: Optional field that provides context about the group’s purpose. Helps administrators understand the role of each group at a glance.
The overview helps administrators:
Understand how users are distributed across teams
Identify empty or inactive groups
Maintain organized access control structures
All Groups Table
The Groups Table provides detailed information about each group and allows administrators to manage them efficiently.
Column | Description |
|---|---|
Name | Name of the group or team |
Members | Number of users assigned to the group |
Description | Optional description explaining the group’s purpose |
Created At | Date and time when the group was created |
Actions | Options to edit, delete, or manage group members |
Additional Insights
Group names should reflect functional roles (e.g., Finance, HR, Engineering)
Descriptions improve clarity in large organizations
Managing Groups
Administrators can perform the following operations:
Create New Groups: Define a group name and optional description. Used to organize users based on roles, departments, or access levels
Add or Remove Members: Assign users to groups. Remove users when access is no longer required
Assign Policies to Groups: Link ZTNA or access policies to groups. All users within the group inherit the assigned policiesEliminates the need for individual user-level policy configuration.
Modify Group Description : Update group details for better clarity and documentation. Useful when group responsibilities evolve
Delete Unused Groups : Remove groups that are no longer required. Helps maintain a clean and manageable environment
Note: Ensure no active policies depend on the group before deletion.
Role of Groups in Access Control
Groups act as a bridge between users and policies:
Users → Assigned to Groups
Groups → Linked to Policies
Policies → Control access to Domains
Group Lifecycle
Create Group
Add Users
Update Members
Decommission (Delete when no longer needed)
Best Practices
Use role-based grouping (e.g., Admins, Developers, Finance Team)
Avoid assigning policies directly to individual users where possible
Regularly review group membership
Remove inactive users from groups
Maintain clear and consistent naming conventions
Key Benefits
Simplified policy management
Scalable access control for large organizations
Reduced administrative overhead
Consistent enforcement of security policies
Improved visibility and organization
Groups provide a powerful mechanism to organize users and streamline access control. By enabling policy enforcement at the group level, they reduce complexity, improve efficiency, and ensure consistent application of security policies across the organization.