Create and Configure Groups
Create user groups and user accounts so that your BeyondInsight administrators can log in to BeyondInsight.
When a user is added to a group, the user is assigned the permissions assigned to the group.
You can create BeyondInsight local groups, as well as add Active Directory, Azure Active Directory, and LDAP groups into BeyondInsight.
You can filter the groups displayed in the grid by type of group, name of the group, group description, and the date the group was last synchronized.
By default, the first 100 groups are displayed per page. You can change this by selecting a different number from the Items per page dropdown at the bottom of the grid.
Create a BeyondInsight Local Group
- Navigate to Configuration > Role Based Access > User Management.
- Under Groups, click Create New Group.
- Select Create a New Group.
- Enter a Group Name and Description for the group.
- The group is set to Active (yes) by default. Click the toggle to set the group to Active (no) if you want to activate it later.
- Click Create Group.
- Assign users to the group:
- Under Group Details, select Users.
- From the Show dropdown list, select Users not assigned.
- Filter the list of users displayed in the grid by Type, Username, Name, Email, and Domain, if desired.
- Select the users you wish to add to the group, and then click Assign User
By default, new groups are not assigned any permissions. You must assign permissions on features and smart groups after creating a new group. For more information on permissions and how to assign them, please see Assign Group Permissions.
For releases prior to 21.3, and for upgrades to the 21.3 release, if the user account's group membership has changed (in the SAML claims provided) upon subsequent logins, BeyondInsight does not deprovision the user by removing them from the groups that were initially mapped to their account. Instead, BeyondInsight maps the user to any newly assigned groups, in addition to the groups their account is already mapped to.
You can configure BeyondInsight to synchronize group membership each time a local user logs in using SAML, as follows:
- Navigate to Configuration > Authentication Management > Authentication Options.
- Under SAML Logon for Local Users, toggle the Enable Group Resync option to enable it.
For new installs of release 21.3 and later releases, this option is enabled by default.