You'll use PingOne groups to authorize user access to applications based on a user's group membership.

You'll need to add the relevant groups from the identity repository associated with your identity bridge to PingOne.

Note: If you've set up a Microsoft AzureĀ® identity bridge and elected to synchronize your Azure groups with PingOne, you'll use the Synchronize Groups button on the User Groups page to resynchronize your Azure groups with PingOne whenever there are any group additions or changes on your Azure provider.

If you haven't added any applications for SSO yet, no applications will be listed when you add a group. Don't worry, you'll have the option to assign the groups to applications when you add SAML, OpenID Connect, or Application Catalog apps. For all other applications and general usage, see Authorize group access to applications. The applications you've added then will be displayed.

Note: Unless you specify group authorization for an application, when you add the application, by default all members of all groups are given access to the application.
  1. Go to Users > User Groups.
  2. Do one of the following, depending on whether or not you're using an Azure identity bridge with group synchronization:
    • For an Azure identity bridge configured for group synchronization, the initial group synchronization has already occurred as part of the Azure identity bridge setup. To resynchronize the PingOne groups when additions or changes have occurred on your Azure provider, click Synchronize Groups.
    • For all other identity bridges as well as for Azure identity bridges without group synchronization, click Add New Groups and enter the name of one of your groups in the entry box.
  3. Click Save. The new group is added to PingOne and will appear in the groups listing on the User Groups page.
  4. Repeat these steps for each of the groups to add to PingOne.