User groups
User groups are used to assign specific roles to a set of user accounts. For example, if a user is a member of a user group that is assigned with user administrator role, that user can perform all actions that a user administrator is allowed to do, such as managing users in the organization.
If a user belongs to one or more user groups, that user inherits roles that are assigned to each user group of which they are a member in addition to the roles that are assigned directly to that user.
To view user groups and assign roles, click Groups in the context menu on the Users page.
LDAP user groups
Currently, only LDAP user groups are supported. These groups are supported only when using XClarity One on premises and your organization is configured to use an LDAP server for authentication.
In addition to role assignments, LDAP user groups are used to control which LDAP users are allowed to sign in to XClarity One. Only users who belong to one or more user groups in the LDAP server that you explicitly map to LDAP user groups in XClarity One will be permitted access. Users who are not members of at least one LDAP user group cannot sign in.
When a user signs in to XClarity One with their corporate (LDAP) credentials, XClarity One retrieves the user’s group assignments from the LDAP server and automatically synchronizes their corresponding LDAP user group membership in the portal. For example, if a user initially belongs to LDAP group A, but the LDAP server is later updated to remove them from group A and add them to group B, XClarity One applies these changes the next time the user signs in. After synchronization, the user is a member of LDAP group B in the portal and is no longer associated with group A.
You must manually create LDAP user groups in XClarity One that match the user-group names in the LDAP server and then assign roles to those groups. XClarity One requires at least one LDAP user group.
Nested LDAP user groups are supported. Roles can be assigned to the parent and child groups. A user in a child group automatically inherits roles assigned to both the parent and child group.
You cannot manually add or remove users from an LDAP user group through XClarity One. User groups membership can be changed only in the LDAP server.
LDAP user groups must be assigned roles in XClarity One. They do not inherit roles that are assigned to user groups in the LDAP server.
You cannot manually remove users from an LDAP user group in XClarity One. Instead, remove the users from XClarity One.
When an LDAP server is removed, all LDAP user groups in XClarity One that belong to that LDAP server is removed.