Before you start authorizing group access to applications, you will need to set up your identity bridge, and add the relevant applications for your single sign-on (SSO) users.

You can use PingOne groups to authorize user access to applications based on a user's group membership. To do this, you will assign applications to groups. This authorizes the group members to access the applications and displays the applications on each member's PingOne dock. Only members of the group will then have access to the application.

By default, all users in your PingOne groups are given access to the applications you have added. Applications that you do not assign to a group are available to all users (they can SSO to the application URL), but the applications will not be displayed in their PingOne dock.

  1. Go to Users > User Groups.
  2. Select the group whose application access you want to limit and click Edit. The Edit Group/Application Associations page is displayed.
  3. Click the checkbox next to each application that you want this group to be able to access.
    Use the Default Application checkbox to assign the selected applications as the default applications for this group.
  4. Click Save. The group is authorized to use the selected applications. The application names are displayed in the group listing on the User Groups page.
  5. Repeat these steps for each group whose access to applications you want to limit.