When you assign a group to an application, there might be information in the target application that you want to assign to the user. For example, in Salesforce there is Profile and Role data. When a user is a member of more than one group assigned to the application, it might be confusing which Profile and Role they get. Group priority determines this.
To set group priority:
- Select Applications from the Dashboard.
- Select an application.
- Click Assignments and then the GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. tab.
- Change the order of the groups by grabbing the dotted bar next to the group name, as shown below, and moving the group to the desired position in the list.Screenshot
Group Priority options can be accessed during attribute creation, as shown below, and can be changed later.
To access group policy options, do the following:
- From the Dashboard, select Directory > Profile Editor.
- Select the Profiles button for an appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in..
- Scroll down to Attributes for the app, then either click the Add Attribute button or scroll down to an existing attribute.
Once completed, click the Add or Save Attribute button.
Choosing this option enables you to prioritize which individual attributes should be honored when a user belongs to more than one group.
The Office 365 app can serve as a good example of how this works. One very common attribute that Office 365 brings into Okta is Licenses. This is an attribute that might easily be shared by various groups within an organization. If a user is assigned to two different groups, Engineering and Sales, for example, which have overlapping attributes, choosing Combine values across groups would be the best choice because it unifies all the attributes.
Here's how this scenario might look in Office 365. A user named Mike Barnes is given the Office 365 app. Mike is a member of both the Engineering and Sales teams, shown as groups in Okta.
Both groups receive License data from Office 365. If an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. chooses the Use Group Priority option in UD (as explained in Group Priority, above), Mike would only receive attributes from the Engineering team because the group holds priority on the group level.
If an admin chooses Combine values across groups in UD, Mike would receive the attributes from both the Engineering and Sales groups because their attributes are combined.