PingOne

Nested groups

A nested group is a group that is a member of another group.

Use nested groups to allow inheritance of membership and application access from one group to its subgroups. For more information, see Application access control.

You cannot nest an environment-level group inside a population-level group.

For example, assume an environment has three groups: Group A, Group B, and Group C. Each group has access to a single application: Group A has access to App1, Group B has access to App2, and Group C has access to App3.

If you nest Group B inside of Group A, and Group C inside of Group B, then application access will be as follows:

  • Group A has access to App1.

  • Group B has access to App1 and App2.

  • Group C has access to App1, App2, and App3.

The following diagram illustrates this example.

Nested groups diagram

Circular references

You can also nest groups inside their subgroups. Continuing the previous example, if you add Group A as a subgroup of Group C, creating a circular reference, then all three groups will have access to all three applications.
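The inheritance rule and the circular-reference case described above, as an added example (not PingOne code and not a PingOne API): a small Python model that computes each group's effective application access from its nesting relationships and flags groups that are part of a circular reference. The function names and the (parent, subgroup) data layout are assumptions for illustration; the sample data is the Group A, Group B, Group C example from this page.

```python
# Added illustration: a standalone model, not PingOne code or a PingOne API.
# Function names and the (parent, subgroup) edge layout are assumptions.

# Sample data constructed from the Group A/B/C example on this page.
DIRECT_APPS = {"Group A": {"App1"}, "Group B": {"App2"}, "Group C": {"App3"}}
NESTINGS = [("Group A", "Group B"), ("Group B", "Group C")]  # (parent, subgroup)


def _parents(nestings):
    """Map each subgroup to the groups it is nested directly inside."""
    parents = {}
    for parent, subgroup in nestings:
        parents.setdefault(subgroup, set()).add(parent)
    return parents


def _ancestors(group, parents):
    """All groups reachable by walking upward; the seen set stops cycles."""
    seen, stack = set(), list(parents.get(group, ()))
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(parents.get(current, ()))
    return seen


def effective_access(direct_apps, nestings):
    """Own apps plus everything inherited from every enclosing group."""
    parents = _parents(nestings)
    result = {}
    for group, apps in direct_apps.items():
        inherited = set(apps)
        for ancestor in _ancestors(group, parents):
            inherited |= direct_apps.get(ancestor, set())
        result[group] = inherited
    return result


def circular_groups(direct_apps, nestings):
    """Groups that are their own ancestor, i.e. part of a circular reference."""
    parents = _parents(nestings)
    return {g for g in direct_apps if g in _ancestors(g, parents)}


if __name__ == "__main__":
    for name, apps in sorted(effective_access(DIRECT_APPS, NESTINGS).items()):
        print(name, sorted(apps))
    looped = NESTINGS + [("Group C", "Group A")]  # Group A nested inside Group C
    print("circular:", sorted(circular_groups(DIRECT_APPS, looped)))
```

In an access review, comparing each group's effective set with its direct set shows which application access exists only because of nesting.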