Creating Groups

Home / Identity Administration / User Accounts and Groups / Current: Creating Groups

EmpowerID provides two methods for creating groups, the Create Group Simple method and the Create Group Advanced method. If minimal information is needed, use the Create Group Simple method for fewer fields and options. If you need to input more information or configure more properties for the group, use the Create Group Advanced method.

This topic demonstrates how to create an Active Directory group using both methods.


Prerequisites

EmpowerID must be connected to Active Directory. For details, see Connecting to Active Directory.


To create an AD security group in simple mode


  1. In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click Groups.
  2. From the Actions pane of Group Manager, click the Create Group Simple action.  



  3. In the Create Group form that appears, type a name and description in the Name and Description fields, respectively.
  4. Below Group Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
    1. Search for and select the appropriate directory location for the group.



    2. Click Save to close the Location Selector.

  5. Select the appropriate group type from the Group Type drop-down.
  6. Optionally, select Is Mail Enabled to mail-enable the group (Microsoft Exchange is required) and type any comments in the Comments or Justification field.
  7. Click Save



    After creating the group, EmpowerID directs you to the group's View Page. View pages allow you to view information about a selected resource and manage that resource as needed.


To create an AD security group in advanced mode

  1. In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click Groups.
  2. From the Actions pane of Group Manager, click the Create Group action.



  3. In the General section of the Create Group form that appears, do the following:
    1. Type a name, logon name and display name for the group in the Name, Logon Name and Display Name fields, respectively.
    2. Below Group Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
      1. Search for and select the appropriate directory location for the group.



      2. Click Save to close the Location Selector.
    3. Select the appropriate group type from the Group Type drop-down.
    4. Optionally, select Is Mail Enabled to mail-enable the group (Microsoft Exchange is required and EmpowerID must be configured for your Exchange environment).
    5. If you selected Is Mail Enabled, select the suffix for the email address from the Email Suffix drop-down.
    6. Optionally, add any notes to the Notes field.
    7. Type a description in the Description field.
    8. Select or clear (selected by default) Allow Join Requests. If selected, users can shop for the group in the IT Shop.
    9. Optionally, select or clear (cleared by default) Auto-Accept Join or Leave Requests. If selected, users can self-service join and leave the group without requiring approval.

      Auto-Accept only works if Allow Join Requests is enabled.




  4. In the Advanced section of the Create Group form, do the following:
    1. Optionally, select Prevent Deletion in EmpowerID if you want to prevent the group from being deleted via the EmpowerID UI.
    2. Optionally, select Is High Security Group if the group meets that criteria.
    3. Optionally, if you have a custom workflow that uses it, click the Valid Until field and select a date from the calendar control.



    4. Optionally, add any comments to the Comments or Justification field.
  5. Click Save.

    After creating the group, EmpowerID directs you to the group's View Page. View pages allow you to view information about a selected resource and manage that resource as needed.

To verify that the group was created in EmpowerID

  1. In the Navigation Sidebar, expand System Logs and click Audit Log.
  2. From the Audit Log tab, type Create Group in the Search field and press ENTER to verify that a record is returned for the group. This record allows you to see who requested and approved that the group be created, when it was created, etc.

To verify that the group was created in Active Directory

  1. On a machine with the Active Directory Module for Windows PowerShell installed, run the following cmdlet, substituting the name of the group with your group:

    GET-ADGroup -filter {Name -eq "Dublin-GVR01"}
  2. Verify that the group you created is returned.


   

On this page