Creating a group
You can add users as members to groups that delegated administrators create and manage. You can also add subgroups as members to a group.
The configuration for each delegated group type consists of the following elements:
- Group REST resource type
-
Defines the attributes to locate groups in the directory information tree (DIT).
- Parent DN or Parent resource type
-
Specifies the location in which to create groups in the DIT.
-
To specify a parent distinguished name (DN) for a resource type, enter the value in the Parent DN text box in the Resource Creation section. The parent DN is often identical to the search base DN, such as
ou=customers,ou=Groups, dc=example,dc=com
. -
To specify a parent resource type, select a value from the Parent Resource Type list in the Resource Creation section. Delegated administrators are subsequently presented with a list box that lets them select a resource, and the group is created under the selected parent resource. If you specify a parent resource type, set a value for the Primary Display Attribute Type in the Delegated Admin section. This setting determines the values that are displayed in the Delegated Admin GUI. For example, a primary display attribute type of
ou
displays theou
value in the list box for each resource within the parent resource type.
-
- Attributes
-
These attributes are presented to the delegated administrators.
To configure a group REST resource type, go to Configuration → REST Resource Types page in the PingData Administrative Console.
When creating or editing a REST resource type, the Search Base DN field in the General Configuration section determines the data structure that is searched in Delegated Admin, and the Display Name field in the Delegated Admin section specifies the label of the REST resource in the Delegated Admin GUI.
PingData Administrative Console | Delegated Admin GUI | |
---|---|---|
UI field |
Window and section |
UI field onNew Group page |
|
Configuration → REST Resource Types. Create or edit a REST resource type, and then go to the Delegated Admin section. |
|
|
Configuration → Delegated Admin Rights. Create or edit Delegated Admin rights, and then click New Delegated Admin Resource Rights. |
|
|
Configuration → REST Resource Types. Create or edit a REST resource type, and then go to the Resource Creation section. |
Display name for parent resource type |
|
Configuration → REST Resource Types. Create or edit a REST resource type, and then go to the Delegated Admin Attributes section. Click New Delegated Admin Attribute. |
Additional fields such as |