Groups can be added to the Team Server to assign permissions to groups of users. Groups can be added manually, but also via import by means of an external identity provider. Group import via an identity provider is part of the Team Server configuration, and is usually performed by application administrators.
When using Azure AD, groups (and users) are defined by Azure AD, so they are imported in the Team Server. If you wish, you can still manually add groups to the Team Server, but these can only contain manually added users, not imported users.
When using Active Directory or a SAML-based identity provider, you need to manually add groups to the Team Server. With SAML you can define user memberships for these groups in SAML in order to add members to the groups. With Active Directory, you can manually add members to these groups after users have been imported via synchronization. With Active Directory and SAML, groups can have a mix of external (imported) and internal users.
When groups are added, they can be assigned one or more roles for the Team Server. The role determines the permissions in the Team Server, in HoriZZon, and for Team Platform-related work in Enterprise Studio for the users in the group. The role also determines which information in the Team Server and in HoriZZon is visible to the users in the group.
Adding a group
- In the sidebar menu, click Groups, and then click Add group.
- In New group, add the name for the group and a description if desired. The group name must be unique.
- Set the role(s) for the group. You can choose the following roles: Consumer, Contributor, Designer, Lead Designer, and Administrator. Only if you have the System Administrator role yourself, the System Administrator role is available.
For more information about the roles, see User roles and permissions.
- Click Add group.
- On the group manage page, in the members list, select the check boxes next to the users you want to add to the group, and then click Apply.
To add all users at once, click Include all. If a filter is active on the list, only the users who match the filter will be affected.