Managing groups
Groups are a way to manage and assign workspace access and workspace roles for subsets of organization members.
Group roles
Group members can be assigned these roles.
-
Member — (Default role) Enables access to any workspace the group is added to. No group administration permissions.
-
Group manager — Enables adding and removing group members and assigning other group managers. Group manager privileges are distinct from workspace manager privileges, meaning group managers aren’t automatically conferred workspace privileges in workspaces the group is added to.
See the following table for a comparison of group-related administrative permissions between group managers and admins.
Adding groups
Admins can create groups and assign a group manager.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, click Add group.
-
Define a group name, then click Create. This name is visible to the organization.
-
Search for and select members to add to the group, then click Next.
You can’t add groups to a group. Groups can’t be nested. -
Select members to assign the group manager role, then click Add.
What's next
Admins and workspace managers can start adding groups to shared workspaces to grant all group members access to that workspace. After adding a group to a workspace, you can assign the group a workspace role.
Deleting groups
Admins can delete groups. Group managers don’t have this permission. Deleting a group rescinds any workspace access granted through membership of that group.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, select the group to open the group details view.
-
Click the overflow icon
, then select Delete group. -
Click Confirm.
Managing group members
After a group is created, admins and group managers can manage the group members list.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, select the group.
-
Click Add members.
-
Select a role, then search for and select the members to add to the group.
-
Click Add.
Changing group roles
Admins and group managers can change group members’ roles.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, select the group.
-
In the member’s row of the members list, click the edit icon
. -
Select the new role and click Save.
Removing group members
Admins and group managers can remove group members. Removing someone from a group also rescinds any workspace access granted through membership of that group.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, select the group.
-
In the member’s row of the members list, click the delete icon
. -
Click Confirm.
Group mapping
EnterpriseOrganizations using single-sign on (SSO) can use group mapping to map groups created in their identity provider (IdP) to groups created in AI Hub. AI Hub group membership is then managed in your identity provider. Group mapping is supported with security assertion markup language (SAML)-based SSO.
Adding group mappings
Group mappings can be added when creating a group or can be added to existing groups.
Add a mapping to a new group
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, click Add group.
-
Define a group name. This name is visible to the organization.
-
Turn on the Enable SAML mappingtoggle.
-
In SAML group name, enter the name of the group as defined in your IdP.
-
Click Create.
After adding a group mapping to a new AI Hub group, the group members list doesn’t immediately populate. Upon each member’s next AI Hub login, their presence in the group in your IdP is verified. If a valid mapping is found, they’re added to the corresponding AI Hub group.
Add a mapping to an existing group
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, locate the group in the groups list, then click the overflow icon
and select Create new mapping. -
Enter the name of the group as defined in your IdP.
-
Click Save.
After adding a group mapping to an existing group, the group members list in AI Hub initially remains unchanged. Upon each member’s next AI Hub login, their presence in the upstream group is verified. If the group member isn’t part of the upstream group, they’re removed from the corresponding AI Hub group.
What's next
While group membership is managed at the IdP level, group roles aren’t. Group roles can be assigned manually.
Editing mappings
If a group name has changed in your IdP or you want to change which upstream group is mapped to an AI Hub group, you can edit group mappings.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, locate the group in the groups list, then click the overflow icon
and select Edit mapping. -
Enter the name of the group as defined in your IdP.
-
Click Save.
After changing the group mapping, the group members list in AI Hub doesn’t immediately update. Upon each member’s next AI Hub login, their presence in the group in your IdP is verified. If the group member isn’t part of the newly mapped group, they’re removed from the corresponding AI Hub group.
Removing mappings
Admins can remove group mappings. After removing a group mapping, the latest version of the group members list is maintained. Admins and group managers can then add and remove group members as needed.
-
In the header, click the initials icon and select Settings.
-
Select the Members tab.
-
On the Groups tab, locate the group in the groups list, then click the overflow icon
and select Delete mapping. -
Click Confirm.