Adding Groups to Groups

EmpowerID allows you to easily add one or more groups as members of another group. When you do so, members of the added groups gain any entitlements and delegations associated with the group to which they are being added. For example, if you a group with a policy that specifies that members of that group have a home folder, and you add a group without such a policy to that group, then the members of the group without the policy will be given a home folder.

This topic demonstrates how to add groups to groups in EmpowerID and is divided into the following activities:

Prerequisites: Before you can add groups to groups, EmpowerID must first be connected to an external account directory, like Active Directory. For more information on connecting EmpowerID to Active Directory, see Connecting to Active Directory.

To add a group to another group

  1. From the Navigation Sidebar, navigate to the Group Management page by expanding Identities and clicking Groups.
  2. Search for the group to which you want to nest another group and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.
  3. In the following image, the Locations pane has been collapsed to conserve screen real estate.

  4. Click the Add Group to Group action.
  5. In the Group Lookup that appears, search for the group you want to add to the group.
  6. Tick the box beside the group to select it.
  7. Repeat, steps 5 and 6, adding as many groups as needed.
  8. When you have finished adding groups, click Submit.
  9. Click Yes to confirm you want to add the group(s) to the group and then click OK to close the Operation Execution Summary.

To verify the nested group in EmpowerID

  1. Search for the group to which you just added the group(s).
  2. From the grid, click the Logon Name link for the group.
  3. This directs you to the View One page for the group. View One pages allow you to view details about an object in EmpowerID and make changes to those objects as needed.

  4. From the View One page, expand the Nested Group Members accordion. You should see records for the new members.
  5. If you have an email address that is registered in EmpowerID, you can have EmpowerID email you the group membership by clicking the email icon.

To verify the nested group in Active Directory

  1. On a server with the Active Directory PowerShell module, run the following PowerShell cmdlet (substituting the group in the cmdlet with the group you nested):
  2. Get-ADPrincipalGroupMembership "London Contractors GVR1"

    You should see that the group is a member of the group to which you added it.