Groups

Using groups to organize a collection of user identities makes it easier to manage access to applications. Learn more in Application access control.

About groups

You can create groups within an environment or within a population. However, after a group is created, the following conditions apply:

You can’t move the group:
- From one population to another
- From a population to an environment
- From an environment to a population
Users that are removed from a population are also removed from the corresponding population-level group.
End users can’t add or remove themselves from groups.

You can have up to 100,000 groups per environment, and each group can have an unlimited number of users. A single user can belong to up to 10,000 groups. Learn more in PingOne standard platform limits.

Viewing the list of groups in the environment

To view a list of the groups in your environment, in the PingOne admin console, go to Directory > Groups.

The Groups page opens.

By default, the Group, Administrator Roles, and Membership columns display.

Screenshot of the Groups page with the default columns displayed

Column visibility depends on the permissions included in the administrator role you are assigned. For example, if you’re assigned a role that doesn’t have permission to read group roles, you won’t see the Administrator Roles column. Learn more in Viewing role details.

You can manage the columns displayed during your session by clicking Columns and selecting or clearing the applicable checkboxes. If you sign off of the PingOne admin console or your session times out, the column selection reverts to the default display.

The Group Source and Sync Type columns are available only if there are external groups in the environment. Learn more in Group roles and Internal and external groups.

Column	Description
Group	Always displayed. Displays the group name in PingOne. Group names must be unique in the environment. If the group is an external group, the name of the group in its source location is displayed under the PingOne name.
Administrator Roles	Displays a Roles Granted label if administrator roles are assigned to the group. Learn more in Managing group roles.
Membership	Displays the number of users in the group if group membership is static. If the group membership is dynamic, Dynamic displays in this column. Learn more in Static and dynamic groups.
Group Source	External groups only. Displays the name of the external identity provider (IdP) or LDAP gateway from which the group is sourced.
Sync Type	External groups only. Displays the method by which the group is provisioned. For example, Just-in-time. Learn more in Just-in-time provisioning of external groups.

Column

Description

Group

Always displayed. Displays the group name in PingOne. Group names must be unique in the environment. If the group is an external group, the name of the group in its source location is displayed under the PingOne name.

Administrator Roles

Displays a Roles Granted label if administrator roles are assigned to the group. Learn more in Managing group roles.

Membership

Displays the number of users in the group if group membership is static. If the group membership is dynamic, Dynamic displays in this column. Learn more in Static and dynamic groups.

Group Source

External groups only. Displays the name of the external identity provider (IdP) or LDAP gateway from which the group is sourced.

Sync Type

External groups only. Displays the method by which the group is provisioned. For example, Just-in-time. Learn more in Just-in-time provisioning of external groups.

The following image shows all of the available columns:

Screenshot of the Groups page showing all of the columns