Groups

Groups are collections of users that can be granted access to resources.

Groups in Oblique simplify access management by letting you grant entitlements to collections of users rather than individuals. This makes it easier to manage entitlements and provides context for understanding why an entitlement exists.

Learn more about groups Learn more about groups in Oblique, and when to use which type of group.

Create a group

You can create groups in two ways: automatically based on user attributes, or manually by adding specific users to a team.

Create an attribute-based group

Attribute-based groups let you automatically group together users who share specific attributes like location, department, or role. These groups help grant access to resources that users should inherently have based on their characteristics.

Only Oblique Admins can create attribute-based groups.

To create a new attribute-based group, from the Groups page, select Add group > Attribute group.

1. In the Group details section, enter the attribute-based group name in the Display name field.
2. Under Membership rules, select the attribute you wish to use and its value. To be added to the groups, users must match all selected attributes. To add additional attributes, select Add another rule.
3. Under Member preview, you can preview which users will be members of the group based on the attributes you’ve selected.
4. Select Create group.

Oblique creates the attribute-based group and automatically redirects you to the new group’s detail page.

Create a team group

Creating a team group lets you manually group users together for access management. Team groups work well for project teams, cross-functional groups, or any collection of users who need shared access to resources.

Creating a team group requires a request. To create a new team group, from the Groups page, select Add group > Team group.

1. In the Group details section, enter the team name in the Display name field.
2. (Optional) Add a description in the Description field.
3. (Optional) Under Owners, click Add owners to select the users or groups you wish to add as owners of this team. Owners can make and review changes to the team. By default, if you are creating the request, you are added as an owner but you can remove yourself.
4. Under Members, click Add members to search and select team members. By default, if you are creating the request, you are added as an member but you can remove yourself.
5. If you have enabled resource creation, in the Integrations section, you will see the resources and entitlements created for the team group when this request is applied.
6. In the Review section, review the checks needed to create a new team group. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
7. Select Create request.

If the request’s checks are all met, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request.

Once the request passes all checks, it is automatically applied and Oblique will create the team group for you. If you have enabled Oblique to create Okta groups for new team groups, Oblique will also create a new Okta group with the same name.

Edit a group

You can manage group membership directly in Oblique, allowing you to control access by adding or removing users from the group.

To edit a group’s entitlements, see Grant access.

Edit an attribute-based group

Note

You can’t edit the members of an attribute-based group. To change the membership of an attribute-based group, change the membership rules. The membership will automatically update to reflect the new rules.

You can’t edit an attribute-based group after creating it. To change anything about the attribute-based group, delete the attribute-based group and create a new one with the desired changes.

Edit a team group

You can edit a team group’s members, owners, and description.

Team members and owners are managed separately. To add a user as both a member and an owner, you must both add them as a member and an owner.

To edit a team group, navigate to the group’s detail page.

Edit a team group’s members

Editing team group membership requires a request. You can request to edit a team group’s members, including request to join a team group.

From the team group’s detail page:

1. Next to Members, select Add members.
2. To add members, under Members, select Add members to search for and select the users you wish to add as members. To remove members, find the line for the member you wish to remove, and select Remove.
3. Under Preview, you can preview the access changes that will be made to affected users.
4. Under Review, review the checks needed to edit the team group’s members. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
5. Select Create request.

If the request’s checks are all met, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request.

Once the request passes all checks, it is automatically applied and Oblique will update the team group’s members accordingly.

Request to join a team group

From the team group’s detail page:

1. In the header, select Join team.
2. Under User, select the user you wish to join the team group. By default, if you are creating the request, you are selected.
3. Under Team, select the team group you wish to join. By default, the team group you are on is selected.
4. Under Review, review the checks needed to edit the team group’s members. Click Select reviewers to assign reviewers to pass each check, or select Add reviewer for each check that needs a reviewer.
5. Select Create request.

If the request’s checks are all met, the change will automatically be applied. Otherwise, if there are checks that still need review, the change request will shown as Open until all checks pass. You can ask a reviewer to approve the request.

Once the request passes all checks, it is automatically applied and Oblique will add you as a member of the team group.

Edit a team group’s owners

From the team group’s detail page:

1. Next to Owners, select Edit.
2. To add an owner, search for and select the users or groups you wish to add as owners. To remove an owner, find the line for the owner you wish to remove, and select Remove.
3. Select Save.

Note

Oblique Admins are automatically added as owners to all groups and resources, and can’t be removed.

Edit a team group’s description

From the team group’s detail page:

1. Next to About, select Edit.
2. Edit the existing description.
3. Select Save.

Delete a group

Deleting a group removes all members from the group, and invalidates all entitlements that members in the group have access to.

Once you delete a group, it is soft deleted: you can no longer alter it, but Oblique preserves it for audit purposes. You can’t restore a deleted group.

Tip

If you want to maintain some of the group members’ access, add these entitlements directly to users prior to deleting the group.

Delete an attribute-based group

You must be an Oblique Admin to delete an attribute-based group.

From the attribute-based group’s detail page:

1. In the group header, next to Grant access, select More and then Delete.
2. Review and confirm you wish to delete the group’s members and entitlements.
3. Select Delete group.

Delete a team group

You must be an Oblique Admin to delete a team group.

From the team group’s detail page:

1. In the group header, next to Grant access, select More and then Delete.
2. Review and confirm you wish to delete the group’s members and entitlements.
3. Select Delete team.