A group is an entity used to organize a set of related users. This allows for example to differentiate between different user segments. You might want to create a group customers and a group employees for example.

A group allows you to do the following.


The most common use case of groups is simply to simplifying selecting a set of related users. After assigning a group to an user, you can Grouping users to allow searching and selecting. From your systems.

GET /api/scim/v2/Users?sortBy=id& sortOrder=descending& count=20& startIndex=0& filter=groups.value%20eq%20%228ec3654b-2d54-47a9-b56e-22ace9e533d8%22 HTTP/1.1
Authorization: Bearer ...

Read more about searching for users in Users

Access Control

While is not a full blown access control systems, it provides basic policy enforcement capabilities. It does so by allowing limitting what (user) groups can log in to a certain application.

Go to Applications, select an application from the list and scroll down. There you will find a heading Restrictions. Select the group to which you would like to restrict access to.

Used in rules

Within rules you have access to the groups a user is a member of. This opens up possibilities like selecting customized mails to users depending on their group. Or returning special attributes in an OpenID Connect id_token or userinfo-endpoint based on this group.