PingOne Privilege

Managing groups

Groups in PingOne Privilege are collections of users that can be used to assign access policies efficiently. They function similarly to groups in identity providers (IdPs) such as PingOne or Azure AD.

PingOne Privilege doesn’t support nested groups. A group can contain only users, not other groups.

By default, the system generates two groups: admin and everyone.

The admin group is a system-generated group. All users assigned to this group have the administrator role.

The everyone group is a system-generated group that automatically includes every user on the PingOne Privilege platform. When a new user is created or provisioned, they’re immediately added to this group.

The primary purpose of the everyone group is to grant all users default "list" permissions. This enables them to browse the resource catalog and submit just-in-time (JIT) access requests through the self-service portal.

Creating groups

To create a new group:

  1. In the PingOne Privilege admin console, go to Directory > Groups.

  2. Click Add.

  3. Enter a unique Name and an optional Description for the group.

  4. Click Save.

Adding and removing group members

To add and remove members from an existing group:

  1. In the PingOne Privilege admin console, go to Directory > Groups.

  2. In the list, select a group to view its details.

  3. On the right side of the screen, click Manage.

  4. Click the + and - buttons to add or remove users from the group. Click Save.