Groups

Account admins can efficiently manage their users by organizing them into groups and assigning roles to each group. This feature provides enhanced control over user permissions and enables streamlined collaboration within teams.

Managing users and their access can be a complex task, particularly in larger organizations or on platforms with multiple user roles. One effective way to streamline user management is through the use of user groups. Groups allow your customers to segment similar users into distinct groups, making it easier to manage their access to resources or features.

By using groups, customers can more efficiently grant or restrict access, ensure that users have the appropriate permissions to perform their tasks, and simplify user management overall. In this guide, we'll explore how to create and manage user groups, including the steps you need to take to set up and use groups effectively.

Prerequisite

Required versions:
@frontegg/react v5.0.27
@frontegg/angular v5.20.0
@frontegg/vue v2.0.24
@frontegg/nextjs v7.0.1

Enable Groups in the Admin Portal

To let customers manage groups on their own, go to Builder ➜ Experience ➜ Admin Portal ➜ Workspace, and toggle Groups on.

3024

After toggling it on (and publishing it to the appropriate environment), your customers should see a "Groups" tab in their admin portal.

If you want customers to be able to assign roles through groups, you can click on the pencil icon next to Groups, and toggle on "Roles".

3024

Using Groups in the Admin Portal

  1. Click "Add new group"
2550
  1. Choose a name for your group that reflects its purpose. For example, you might create a group called "Editors" for users who can edit content. Group names should be unique.
1658
  1. Optionally, write a description and and choose a color for the group.

  2. Assign the group roles, if available. All group members will get these roles.

  3. Add users to the group. You can only add users that are already users in the account.

1372

Group roles vs User roles

Users can get two kinds of roles: User roles and group roles. Default user roles are roles users have regardless of their group membership. In addition, users can have roles because of groups they're members in.

For example, if a user has a default role called "Admin" and they're also in a group that grants an "Admin" role, and you remove the default role, the user will still have the role because they are still a member of the group.

Group Management Permissions

To let your customers manage groups in the Admin Portal, they'll need roles with permissions related to groups. You can apply the following permissions to roles:

📘

Group permissions aren't group specific

They apply to all groups in an account, not just groups the user with these permissions is a member of. For example, if a role has the permission "Add users to groups", that role can add users to all groups in an account.

Read groups
fe.secure.read.groups

Create or update groups
fe.secure.write.groups

Delete groups
fe.secure.delete.groups

Add users to groups
fe.secure.write.groupsUsers

Remove users from groups
fe.secure.delete.groupsUsers

Add roles to groups
fe.secure.write.groupsRoles

Remove roles from groups
fe.secure.delete.groupsRoles