One of the main uses of groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. is streamlined application assignment. Though you can manually assign users to an application (see People for more details), assigning applications to groups is more efficient for a large number of users.
You can create groups directly in Okta, but most admins already have groups in their corporate directories (for example, in Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. or an LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. server). By using the existing groups, you do not need to create and manage new groups in Okta—their existing group management processes keep them up to date. Select a group and then assign applications to it, or select an application and then assign it to one or more groups. Both methods are described below.
To assign apps to a selected group:
- In the AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, go to Directory > Groups. Select the group you want to assign apps to.
- Click Manage Apps to assign apps to the group.
- Click Assign for each appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. you want users in this group to have access to, and then click Done.
Note: Some apps require you to complete additional dialog boxes. For example, provide attributes that will be assigned to all users in a group for that app.
To assign a selected app to one or more groups:
- In the Admin Console, go to Applications > Applications. Select the application you want to assign to one or more groups.
- On the Assignments tab, click Assign.
- Select Assign to Groups for each group you want to assign this application to, and then click Done.
After you assign apps to groups (or groups to apps), all users in the group can access the application from their Okta home page.
- Assigning applications to users may cause Okta to provision accounts for them in the target application. You can use groups imported from apps like Box and Jira to manage application access, but this is not common. Groups from directories are more likely to be used for the management of group memberships.
- You can convert application access and user properties settings so that individually-owned applications become group managed. For details, see Converting Application Assignments from Individually Owned to Group Managed.