Creating group accounts

Content Platform Tenant Management
Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

You create group accounts by first displaying a list of AD groups and then selecting the ones from which you want to create HCP group accounts. After selecting the groups you want, you select the roles you want to associate with those group accounts. If you have the administrator role, you can also associate data access permissions with the accounts.

You can create up to the maximum supported number of group accounts in a single operation (that is, 100).

In HCP, each AD group is identified by both the group name and the name of the AD domain in which the group is defined (for example, hcp-admin@ad.example.com). The HCP group account created from an AD group has the same name as the AD group, including the domain name. Internally, however, the HCP group account is associated with the security ID (SID) of the AD group.

You can create an HCP group account from any group defined in the AD forest that HCP uses for user authentication. The only exceptions are predefined groups such as Administrators that have the same SID in all domains.

You can use a single operation to both create new group accounts and change the roles and data access permissions associated with existing group accounts. In this case, all the accounts involved end up with the same roles and permissions.

  1. On the Groups page in the Tenant Management Console, click Add Active Directory Groups.
    The Find and Select Groups section lists all the AD groups HCP knows about. Groups for which HCP group accounts already exist for the tenant are marked with a checkmark ().
  2. (Optional) Filter the list of AD groups.
    1. In the Find and Select Groups field, type a text string to use as a filter for the list of AD groups from which you can create HCP group accounts.
      This string can be up to 64 characters long and can contain any valid UTF-8 characters, including white space. It is not case sensitive.
    2. Click the find control ().
    3. To redisplay the entire list of AD groups after filtering it, click the clear filter control ().
  3. For each AD group from which you want to create an HCP group account, click the add control () to select the group.
    For each AD group with an existing HCP group account for which you want to change the associated roles, click the add control () to select the group.
    To select all the groups in the list, click Select All.
    To deselect a selected group, click the remove control () for the group.
    To deselect all the selected groups, click Clear.
    The selected group rows turns green.
  4. In the Assign Roles to Selected Groups section, select the roles you want to associate with all the new group accounts you’re creating and all the existing group accounts for which you’re changing the associated roles.
    You can select any number of roles, including none.
  5. (Optional) If you have the administrator role, select Allow namespace management.
    This option is selected automatically and cannot be deselected if the account being created has the administrator role.
  6. (Optional) If you have the administrator role, click Assign Namespace Permissions. Then associate data access permissions with the group accounts
  7. Click Add Groups.