|This topic may not be relevant to all Bluescape members and may not apply to all Organizations. If you’re unsure whether your Organization has this capability, please reach out to your IT department.|
|Bluescape support must enable the groups feature for this functionality to be available.|
Organization Owners and Admins can manage and provision multiple members at a time with groups. These groups are created in the client’s active directory and then synced to the Configuration Center. This leads to more efficient provisioning of multiple new members.
To manage member groups, click the Groups icon in the Configuration Center.
The Groups page opens.
Note: Groups must be enabled by Instance Admins.
In order to provision a group of members, you must first add the group provider to the Configuration Center.
To add a group provider:
- Click the New Group Provider button in the top right of the page.
- The New Group Provider pop-up window opens. Enter a name for the group provider.
- Enter the Tenant ID associated with your active directory.
- When you are finished, click Save.
The new group provider will now display in the Group Provider list.
After you have created a new group provider, you must log in to the administrative account of your active directory. This will connect Bluescape to your active directory and enable you to perform group syncs.
To log in to your active directory from Bluescape:
- Follow the steps above to add a new group provider if you have not done so already.
- Click the Login button that appears under the Sync column of the Group Provider list next to the new group provider.
- A pop-up window opens. If this is your first time connecting your group provider, you will be prompted to grant Bluescape the proper permissions.
- You are prompted to log in to your active directory with the tenant ID. This creates an authorization token. (If you have logged in before, you will be taken directly to this step).
All subsequent group syncs for your Organization will be performed using the credentials of the active directory account.
You can edit or remove an existing group provider.
To edit a group provider:
- Click the (gear) icon next to the group provider you want to change.
- The Edit Group Provider pop-up window opens. Edit the name or tenant ID by typing in their respective fields.
- You can remove the connection to your current account email address by clicking the blue X button. You can then log in to a new email address to connect it to your group provider.
- When you are finished, click the Save button.
- To delete the group provider, click the Delete button.
Note: If you edit or delete your group provider, it will invalidate your current connection to the Active Directory, and you must either log in with your new credentials or, if you deleted the group provider, create a new one.
Once you have added a group provider and logged in to your active directory, you can sync one or more groups within that provider with your active directory. This ensures that the group(s) are up to date and match the active directory as its source of truth.
To sync groups
- Click the Selected Sync button next to the group provider you want to sync.
- The Sync Selected Group pop-up opens.
Type the name of the member group(s) you want to sync or click the name field to display a drop-down of all available groups.
3. Click one or more groups from the drop-down menu.
4. When you are finished, click Save.
The group(s) will be displayed in the Groups list, with a status of Started and a progress bar under the Status column. When the group(s) have been successfully synced, the Synced status displays, and the progress bar is complete.
After you have added a group provider and synced it to the Configuration Center, you can assign or change the Organization role that is assigned to every member of the group.
To edit a group’s settings:
- Click the (gear) icon next to the group.
- The Edit pop-up window opens.
Click the Organization Role field to open a drop-down menu of available roles.
The role that you select will become the Organization role for all members in the group. For more information, see Organization Roles.
- (Optional) You can sync the individual group from the pop-up window by clicking the Sync button.
- When you are finished, click the Save button.
The group’s settings will reflect your changes.
You can also delete the group by clicking the Delete button in the Edit pop-up window (pictured above). This removes the group from Bluescape, but not from your active directory. It also removes any members who were not already part of a Bluescape Organization before being added in a group.
You can view the list of members in a group within the Configuration Center.
To view the members of a group:
- Scroll down to the Groups list on the Groups page.
- Click the group name under the Name column.
- The members of the group display in a list, including their name, email address, and status.
- When you are finished viewing the list, click the Close button at the bottom of the screen.
The Groups page of the Configuration Center returns.
Note: If the SSO application on the IDP does not have Group restrictions in place, any member will be able to pass through the IDP via the Single Sign-On link.
Not what you were looking for? Ask the community for help.