Groups

Groups are collections of users that can be granted access to resources.

Groups in Oblique simplify access management by letting you grant entitlements to collections of users rather than individuals. This makes it easier to manage entitlements and provides context for understanding why an entitlement exists.

Learn more about groups Learn more about groups in Oblique, and when to use which type of group.

Create a group

You can create groups in three ways: automatically based on user attributes, automatically based on reporting hierarchy, or manually by adding specific users to a team.

Create an attribute-based group

Attribute-based groups let you automatically group together users who share specific attributes like location, department, or role. These groups help grant access to resources that users should inherently have based on their characteristics.

You must be a admin to create an attribute-based group.

To create a new attribute-based group, from the Groups page, select Add group > Attribute group.

1. In the Group details section, enter the attribute-based group name in the Display name field.
2. Under Membership rules, select the attribute you wish to use and its value. To be added to the groups, users must match all selected attributes. To add additional attributes, select Add another rule.
3. Under Member preview, you can preview which users will be members of the group based on the attributes you’ve selected.
4. Select Create group.

Oblique creates the attribute-based group and automatically redirects you to the new group’s detail page.

Create a reporting group

Reporting groups let you automatically group together users based on reporting hierarchy. These groups help grant access to resources that users should have based on their position in the organization.

Reporting groups are defined based on the manager canonical attribute.

A reporting group includes all users who have the selected manager, or all users who have the selected manager in their reporting hierarchy. The manager themselves is not a member of the reporting group.

You must be a admin to create a reporting group.

To create a new reporting group, from the Groups page, select Add group > Reporting group.

1. In the Group details section, under Manager, select the manager for whom you want to create the reporting group.
2. (Optional) Toggle Include indirect reports to include both direct and indirect reports in the group. By default, only direct reports are included.
3. The Display name field automatically generates based on your selections and cannot be edited. This is “Manager’s direct reports” for groups including only direct reports, or “Manager’s organization” for groups including both direct and indirect reports.
4. Under Member preview, you can preview which users will be members of the group based on the manager and type you’ve selected.
5. Select Create group.

Oblique creates the reporting group and automatically redirects you to the new group’s detail page. The manager is automatically added as an owner of their reporting group.

Note

You can’t create an empty reporting group: the selected manager must have at least one report for the group to be created. You also can’t create a duplicate reporting group.

Create a reporting group when granting access

You can also create a reporting group while assigning a role.

When you select a reporting group that doesn’t exist yet, Oblique shows you a confirmation with the group details and member preview before creating it. Select Create group to create it.

Create a team group

Creating a team group lets you manually group users together for access management. Team groups work well for project teams, cross-functional groups, or any collection of users who need shared access to resources.

Creating a team group requires a request. To create a new team group, from the Groups page, select Add group > Team group.

1. In the Group details section, enter the team name in the Display name field.
2. (Optional) Add a description in the Description field.
3. (Optional) Under Owners, click Add owners to select the users or groups you wish to add as owners of this team. Owners can make and review changes to the team. By default, if you are creating the request, you are added as an owner but you can remove yourself.
4. Under Members, click Add members to search and select team members. By default, if you are creating the request, you are added as an member but you can remove yourself.
5. If you have enabled resource creation, in the Integrations section, you will see the resources and entitlements created for the team group when this request is applied.
6. In the Approval section, review the checks needed to create a new team group. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
7. Select Create request. Optionally, to disable auto-apply for the request, click Select and then Create request + manually apply.

If the request passes all checks and auto-apply is enabled, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request. If you have disabled auto-apply, once the checks pass, you can manually apply the request.

When you apply the change request, Oblique will create the team group for you. If you have enabled Oblique to create Okta groups for new team groups, Oblique will also create a new Okta group with the same name.

Edit a group

You can manage group membership directly in Oblique, allowing you to control access by adding or removing users from the group.

To edit a group’s entitlements, see Grant access.

Edit an attribute-based group

Note

You can’t edit the members of an attribute-based group. To change the membership of an attribute-based group, change the membership rules. The membership will automatically update to reflect the new rules.

You can’t edit an attribute-based group after creating it. To change the attribute-based group, delete it and create a new one with the desired configuration.

Edit an attribute-based group’s owners

From the attribute-based group’s detail page:

1. Next to Owners, select Edit.
2. To add an owner, search for and select the users or groups you wish to add as owners. To remove an owner, find the line for the owner you wish to remove, and select Remove.
3. Select Save.

Note

Oblique admins are automatically added as owners to all groups and resources, and can’t be removed.

Edit a reporting group

Note

You can’t edit the members of a reporting group. Membership automatically updates when manager relationships change in your connected integrations. You also can’t edit a reporting group name. The group name is automatically generated and cannot be changed.

You can’t edit a reporting group after creating it. To change the reporting group, delete it and create a new one with the desired configuration.

Edit a reporting group’s owners

By default, the manager is automatically added as an owner of their reporting group.

From the reporting group’s detail page:

1. Next to Owners, select Edit.
2. To add an owner, search for and select the users or groups you wish to add as owners. To remove an owner, find the line for the owner you wish to remove, and select Remove.
3. Select Save.

Note

Oblique admins are automatically added as owners to all groups and resources, and can’t be removed.

Edit a team group

You can edit a team group’s members, owners, and description.

Team members and owners are managed separately. To add a user as both a member and an owner, you must both add them as a member and an owner.

To edit a team group, navigate to the group’s detail page.

Edit a team group’s members

Editing team group membership requires a request. You can request to edit a team group’s members, including request to join a team group.

From the team group’s detail page:

1. Next to Members, select Edit members.
2. To add members, under Members, select Add members to search for and select the users you wish to add as members. To remove members, find the line for the member you wish to remove, and select Remove.
3. Under Preview, you can preview the access changes that will be made to affected users.
4. Under Approval, review the checks needed to edit the team group’s members. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
5. Select Create request. Optionally, to disable auto-apply for the request, click Select and then Create request + manually apply.

If the request passes all checks and auto-apply is enabled, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request. If you have disabled auto-apply, once the checks pass, you can manually apply the request.

When you apply the change request, Oblique will update the team group’s members accordingly.

Request to join a team group

From the team group’s detail page:

1. In the header, select Join team.
2. Under User, select the user you wish to join the team group. By default, if you are creating the request, you are selected.
3. Under Team, select the team group you wish to join. By default, the team group you are on is selected.
4. Under Approval, review the checks needed to edit the team group’s members. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
5. Select Create request. Optionally, to disable auto-apply for the request, click Select and then Create request + manually apply.

If the request passes all checks and auto-apply is enabled, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request. If you have disabled auto-apply, once the checks pass, you can manually apply the request.

When you apply the change request, Oblique will add you as a member of the team group.

Edit a team group’s owners

From the team group’s detail page:

1. Next to Owners, select Edit.
2. To add an owner, search for and select the users or groups you wish to add as owners. To remove an owner, find the line for the owner you wish to remove, and select Remove.
3. Select Save.

Note

Oblique admins are automatically added as owners to all groups and resources, and can’t be removed.

Edit a team group’s description

From the team group’s detail page:

1. Next to About, select Edit.
2. Edit the existing description.
3. Select Save.

Delete a group

Deleting a group removes all members from the group, and invalidates all entitlements that members in the group have access to.

Once you delete a group, it is soft deleted: you can no longer alter it, but Oblique preserves it for audit purposes. You can’t restore a deleted group.

Tip

If you want to maintain some of the group members’ access, add these entitlements directly to users prior to deleting the group.

Delete an attribute-based group

You must be a admin to delete an attribute-based group.

From the attribute-based group’s detail page:

1. In the group header, next to Grant access, select More and then Delete group….
2. Review and confirm you wish to delete the group’s members and entitlements.
3. Select Delete group.

Delete a reporting group

You must be a admin to delete a reporting group.

From the reporting group’s detail page:

1. In the group header, next to Grant access, select More and then Delete group….
2. Review and confirm you wish to delete the group’s members and entitlements.
3. Select Delete group.

Delete a team group

You must be a admin to delete a team group.

From the team group’s detail page:

1. In the group header, next to Grant access, select More and then Delete group….
2. Review and confirm you wish to delete the group’s members and entitlements.
3. Select Delete team.