Skip to main content

Cloud directory

Group management

idemeum allows you to combine users in groups based on various attributes, so that you can perform granular access control.


When you leverage idemeum local directory, you can simply create custom attributes for your user records, and then combine users in groups based on these custom attributes. For example, you can create Engineering group for all users who work in engineering department. What is more, when you integrate with external user source, such as HR system, idemeum can pull custom attributes from external user source and use those attributes to combine employees into groups.

Groups use cases

Application entitlements

You can use groups to entitle applications to employees. For instance, your Engineering group will have access to 3 applications (Atlassian, Slack, and AWS).

Group provisioning

You can use groups to provision to integrated applications. For instance, once you create group Admins you can configure idemeum to push this group into AWS so that you can assign certain permission sets to it. Therefore, every new user of Admins group will be provisioned into Admins group in AWS.

Group configuration

  • Navigate to idemeum admin portal and choose Groups
  • Click Add group
  • Give your group a name
  • Now you can create rules based on which employees will become part of this group. For instance, in the case below I am using the Job Title attribute from my local directory to group Product Managers and Engineers in the same group.
  • You can also assign users directly to groups without leveraging attributes
  • Once you configure the group hit Save

Group provisioning

idemeum also supports pushing groups to applications and assigning users to these groups in applications. Please, check our integrations catalog to see what applications support group management.

If an application is assigned to a user that is part of the group, idemeum will first provision the group to application and then will assign the user to that group. If the user changes groups, idemeum will automatically update all information in target applications.

  • Navigate to application configuration
  • Choose Provisioning section
  • Make sure you have group provisioning set to True