PingOne

Groups and populations

Groups and populations are both used to organize users, but they differ in several ways.

A user can belong to multiple groups, but only one population. A population is a fundamental organizational unit to which you can assign a particular sign-on policy and IdP, while groups offer more fine-grained control over user access to applications.

For example, you could create two populations in your environment. One population would contain all of your finance employees, and the other would contain your engineering and support staff. You can assign each of these populations a different sign-on policy, and can also set different IdPs for each.

Within each population, you can create groups to define subsets of the population. Although a user can belong to only one population at a time, they can belong to multiple groups. These groups can then be given access to different applications. For example, in your employee population, you might have groups for different departmental organizations such as Marketing, Engineering, and Payroll.

You can create groups at the population level or the environment level. A population-level group can contain users from that population only, but an environment-level group can contain users from different populations in the same environment. Administrators who are assigned roles scoped only to the population level can create groups for those populations only and cannot create groups at the environment level.

Key differences between groups and populations are summarized in the following table:

Populations and Groups comparison
Populations Groups Both
  • Users can belong to only one population

  • You can assign a sign-on policy to a population

  • You can assign an identity provider to a population

  • You can create groups within a population to define subsets of that population

  • Users can belong to more than one group

  • Groups can contain users from more than one population

  • Sign-on policies and identity providers can’t be assigned to groups

  • You can create groups within a population

  • Groups allow fine-grained control over access to applications

  • Populations and groups are defined at the environment level

  • Administrator roles can be assigned to groups and populations

On the Groups page, population-level groups include the name of the population under the group name.

Learn more in Groups and Populations.