2. Home
  4. Docs
  6. Zero Trust Controls
  8. Groups

Groups

Groups on PureAUTH allow you to set which employees are allowed to access which applications. To set these authorizations, login to N4cer and navigate to Access > Groups.

By default, all applications and users are added to the Everyone group. To add a new group, click on the Add Group button on the top right.

Enter the name of the group in lowercase and without spaces. e.g. admins. Click Save. Once you have created such groups, you need to assign applications to it. Users in this group will have access to these applications. To assign applications, refer to the following steps:

  1. Click on the newly created group name.
  2. Click on Assign Applications.
  3. In the popup, select the applications that you want to assign.
  4. Click done.

Important: Once you have assigned the applications to the group, remove the applications from the Everyone group. This will only allow the users from a particular group to access this application.

To assign users, we can use PureSYNC. Here are the commands for adding users to groups:

List all available groups

puresync group list

Manually add users to groups

Run the below command to add/update the groups for users. Do note that even if you are adding a single new group to the user, all of their groups must be mentioned. If all groups are not mentioned, they will be removed from the user.

puresync group attach <group_names (comma separated)> <employee_corporate_emails (comma separated)>
e.g. puresync group attach admins,developers,testers user@example.com
                           ------------------------- ----------------
                                 ^ Groups                 ^ Users

CSV

To add groups to users using the CSV source, add them in the groups column in CSV. They must be comma separated.

Run one of the following commands to update groups.

puresync add
puresync update

Active Directory

Depending on the Mapping Attribute set for groups, we need different approaches to update them.

If the mapping attribute of groups is groups: memberof, then do the following for assigning it to a user:

  1. Create a security group with the same group name as on N4cer. e.g. admins
  2. Add the users to be assigned to admins group to the security group.

If the mapping attribute is something else, enter comma separated attribute names in the mapped attribute in AD. e.g. in case of the mapping groups: department

Run one of the following commands to update groups.

puresync add
puresync update

Azure AD

To assign groups to a user in Azure AD, add the names of the groups to be assigned to the mapped attribute in AD in a comma separated format. In case of mapping groups: department

Run one of the following commands to update the groups:

puresync add
puresync update
Was this article helpful to you? Yes No