Manage Groups

To simplify, groups are to be considered the same as sub-tenants, as they provide the required isolation level.

Groups can be managed through the Keycloak’s UI within SixSq’s Federated Identity Portal.

Upon registration in Nuvla, account managers will be given (if requested) admin privileges in their respective tenant. Tenant account managers belong to the admin group in Keycloak, and have full management privileges within that realm.

Groups page in Keycloak

Below follows a comprehensive list of actions that can be performed group-wise.

Create New Group

Groups can be nested within each other which allows account managers to define hierarchies. Here we refer to top level group and subgroup as being the main group and the ones within it, respectively.

Top Level Group

Without selecting any group (as shown on the figure above), click New and enter your group name.

Choose group name

Upon creation, a new page will show up with the group settings, as shown below:

Group created

Here is where the account managers can rename the group, assign custom attributes, see the group members (empty by default), and map the group roles.

Subgroup

To create a group that belongs to a top level one, the creation process is exactly the same as above, but the account manager has to select the respective top level group before clicking on New:

Create subgroup

Once created:

Created subgroup

NOTE: please note that subgroups will by default inherit the role mappings from the parent top level groups

Edit, Cut, Paste and Delete Groups

The button panel on the right corner of the groups’ interface allows all the basic group operations:

Basic operations on groups

Default Groups

“Set of groups that new users will automatically join”

Default groups

As the above figure shows, new users will now automatically be assigned to the subgroup test-subgroup.