Groups are a way to manage and assign workspace access and workspace roles for subsets of organization members.
Group members can be assigned these roles.
Member — (Default role) Enables access to any workspace the group is added to. No group administration permissions.
Group manager — Enables adding and removing group members and assigning other group managers. Group manager privileges are distinct from workspace manager privileges, meaning group managers aren’t automatically conferred workspace privileges in workspaces the group is added to.
See the following table for a comparison of group-related administrative permissions between group managers and admins.
Admins can create groups and assign a group manager.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, click Add group.
Define a group name, then click Create. This name is visible to the organization.
Search for and select members to add to the group, then click Next.
Select members to assign the group manager role, then click Add.
Admins and workspace managers can start adding groups to shared workspaces to grant all group members access to that workspace. After adding a group to a workspace, you can assign the group a workspace role.
Admins can delete groups. Group managers don’t have this permission. Deleting a group rescinds any workspace access granted through membership of that group.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, select the group to open the group details view.
Click the overflow icon, then select Delete group.
Click Confirm.
After a group is created, admins and group managers can manage the group members list.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, select the group.
Click Add members.
Select a role, then search for and select the members to add to the group.
Click Add.
Admins and group managers can change group members’ roles.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, select the group.
In the member’s row of the members list, click the edit icon.
Select the new role and click Save.
Admins and group managers can remove group members. Removing someone from a group also rescinds any workspace access granted through membership of that group.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, select the group.
In the member’s row of the members list, click the delete icon.
Click Confirm.
Single-tenant organizations using SAML- or OIDC-based single sign-on (SSO) can use group mapping to map groups created in their identity provider (IdP) to groups created in AI Hub. AI Hub group membership is then managed in your identity provider.
Group mapping for OIDC-based SSO configurations is in preview. To use this feature while in preview, turn on the Enable OIDC group mapping feature for your organization.
Group mappings can be added when creating a group or can be added to existing groups.
Add a mapping to a new group
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, click Add group.
Define a group name. This name is visible to the organization.
Turn on the Enable SAML mapping or Enable OIDC mapping toggle.
In SAML group name or OIDC group name, enter the name of the group as defined in your IdP. To map multiple IdP-defined groups to the AI Hub group, press Enter/Return between each entry.
Click Create.
After adding a group mapping to a new AI Hub group, the group members list doesn’t immediately populate. Upon each member’s next AI Hub login, their presence in the group in your IdP is verified. If a valid mapping is found, they’re added to the corresponding AI Hub group.
Add a mapping to an existing group
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, locate the group in the groups list, then click the overflow icon and select Create mapping.
Enter the name of the group as defined in your IdP. To map multiple IdP-defined groups to the AI Hub group, press Enter/Return between each entry.
Click Save.
After adding a group mapping to an existing group, the group members list in AI Hub initially remains unchanged. Upon each member’s next AI Hub login, their presence in the mapped IdP group is verified. If the group member isn’t part of the IdP group, they’re removed from the corresponding AI Hub group.
While group membership is managed at the IdP level, group roles aren’t. Group roles can be assigned manually.
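The login-time reconciliation described above can be modeled as follows. This is an added illustration, not AI Hub's own code: it shows that a member removed from the IdP group stays listed until their next login, and that manually assigned roles survive a sync. `HubGroup`, `sync_on_login`, `pending_removal` and all sample names are hypothetical; the model assumes membership in any one mapped IdP group counts as a valid mapping and that newly added members receive the default Member role.

```python
from dataclasses import dataclass, field

MEMBER = "Member"  # default group role named on this page


@dataclass
class HubGroup:  # hypothetical model of an AI Hub group
    name: str
    idp_groups: set = field(default_factory=set)  # empty = no mapping
    members: dict = field(default_factory=dict)   # user -> group role


def sync_on_login(user, idp_claims, groups):
    """Reconcile one user's membership in every mapped group at login."""
    changes = []
    for g in groups:
        if not g.idp_groups:
            continue  # unmapped groups stay manually managed
        # Assumption: membership in any one mapped IdP group is a valid mapping.
        entitled = bool(g.idp_groups & set(idp_claims))
        if entitled and user not in g.members:
            g.members[user] = MEMBER  # assumption: new members get the default role
            changes.append(("added", user, g.name))
        elif not entitled and user in g.members:
            del g.members[user]
            changes.append(("removed", user, g.name))
    return changes


def pending_removal(group, idp_directory):
    """Members still listed although the IdP no longer puts them in a mapped group."""
    return sorted(u for u in group.members if group.idp_groups
                  and not (group.idp_groups & idp_directory.get(u, set())))


def demo():
    # Constructed sample data: IdP group names and users are invented.
    idp = {"alice": {"idp-ml"}, "bob": set(), "carol": {"idp-data"}}
    grp = HubGroup("ml-eng", {"idp-ml", "idp-data"},
                   {"alice": "Group manager", "bob": MEMBER})
    stale = pending_removal(grp, idp)  # bob stays listed until he logs in
    log = []
    for user in ("carol", "bob", "alice"):
        log += sync_on_login(user, idp[user], [grp])
    return stale, log, grp.members


if __name__ == "__main__":
    print(demo())
```

Comparing an IdP export against the AI Hub members list in the manner of `pending_removal` identifies accounts whose group-derived workspace access has not yet been reconciled.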
If a group name has changed in your IdP or if you want to change which upstream group is mapped to an AI Hub group, you can edit group mappings.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, locate the group in the groups list, then click the overflow icon and select Edit mapping.
Enter the name of the group as defined in your IdP.
Click Save.
After changing the group mapping, the group members list in AI Hub doesn’t immediately update. Upon each member’s next AI Hub login, their presence in the group in your IdP is verified. If the group member isn’t part of the newly mapped group, they’re removed from the corresponding AI Hub group.
Admins can remove group mappings. After removing a group mapping, the latest version of the group members list is maintained. Admins and group managers can then add and remove group members as needed.
In the header, click the initials icon and select Settings. Select the organization name tab.
On the Groups tab, locate the group in the groups list, then click the overflow icon and select Delete mapping.
Click Confirm.