Why do you need groups?
In idemeum you can create groups of users based on attributes in your HRMS system.
For example, you can define:
- All my employees who are part of an Engineering department in HRMS will become part of Engineering group in idemeum.
- You can take users directly and assign them to a certain group in idemeum, such as grouping all admins into a single logical entity.
Groups are an important concept in idemeum offering the following capabilities:
- You can use groups to entitle applications to employees. For instance, your Engineering group will have access to 3 applications (Atlassian, Slack, and AWS).
- You can use groups to provision to integrated applications. For instance, once you create group Admins you can configure idemeum to push this group into AWS so that you can assign certain permission sets to it. Therefore, every new user of Admins group will be provisioned into Admins group in AWS.
How to create groups
As an admin you have an option to mirror your groups based on HRMS attributes (basically create the same departments or roles in idemeum), or you can create completely new logical entities.
Today we support:
- Direct user assignment to groups
- User assignment to groups based on HRMS attributes
Follow the steps below to create groups in idemeum.
- Navigate to idemeum admin portal and choose Groups
- As a first step you will need to give a group a name
- Now you can create Rules based on which employees will become part of this group. Today we support multiple rules but they will all be joined with AND operation. For instance, Department - Engineering AND Country - USA.
- In the image above you have Country, Department, and Division coming from HRMS. Each HRMS we integrate with will support different attributes. Consult our documentation to see what is currently supported.
- You can also add user to groups directly by choosing User attribute and then choosing what users you want to assign to groups.
- Once you configure the group hit Save
Configure group provisioning into applications
idemeum also supports pushing groups to applications and assigning users to these groups in applications. Please, check our integrations catalog to see what applications support group management.
Enabling group provisioning for an application is very easy.
- Navigate to application configuration
- Choose Provisioning section
- Make sure you have group provisioning set to True
Here is how the group provisioning logic will work. If an application is assigned to a user that is part of the group, idemeum will first provision the group to application and then will assign the user to that group.
If the user changes groups, idemeum will automatically update all information in target applications.
Please let us know if you have any questions or suggestions.