Assigning resources to certain groups and then assigning users to those groups can ensure that only the right users have access to certain resources. This also saves the hassle of adding, managing, and changing user access at the user level. To manage groups, go to Organization > Members > Groups.
When a new workspace is created, a root organization with the same name as the workspace is automatically created. This is the highest organization level in the workspace and cannot be modified.
- Only the Owner and Super Admin can create and manage sites and groups.
- Only the Owner, Super Admin, Workspace HR Admin, Site Admin, and Site HR Admin can create a sub-group.
- IT Admin, Site Admin, and Site IT Admin are only available by default in workspaces created before February 2023.
To add a group:
Create a Site and Group: Once a new site is created, a new group with the same name is also created automatically.
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Go to Settings > UniFi Consoles > Sites and click New Site.
- Create a Group under a Workspace: Go to Organization > Members > Groups and click the Add Group icon.
Create a Sub-Group under a Group: Do either of the following:
Go to Organization > Members > Groups, hover your mouse over a group, and click the three dots icon > Add Sub-group.
- Go to Organization > Members > Groups, click on a group, and click Users in the prompted panel > Go to Sub-Groups and enter the sub-group name.
Set Group Visibility
Group Visibility allows admins to determine whether a group is visible to all workspace users or only authorized users and groups. When a group is visible to a group of users, they can view and search for it in the user directory.
- This feature is unavailable in the Basic and Standard Plan. To apply for a free trial, please use your owner account to sign in to your Identity Enterprise Manager and go to Settings > Plan & Billing > Feature Usage > Apply for Plan Add-Ons.
- Make sure that you have been assigned a role with the Users and Groups Edit permission. To view details about role permissions, go to Organization > Admins > Roles, select a role, and click Settings > Permissions on the prompted panel.
- Go to Settings > Users > Permissions and tick the "Allow users to view the user directory" checkbox. This option is enabled by default.
- When ticked, user access to the directory is based on the Group Visibility settings.
- When unticked, no user can view the groups. Only admins with the "Users and Groups Edit" permission can view the groups.
- Go to Organization > Members > Groups and select a group.
- Go to Settings > Visibility and select "Public" or "Private".
- Public: All users can view this group in the user directory.
Private: Only the admins, authorized users, and groups can view this group in the user directory.
- Click Assign Users or Groups.
- Select users and groups.
- Click Add.
- Click Save.