Creating Groups

EmpowerID provides two methods for creating groups, the Create Group Simple method and the Create Group Advanced method. The method you choose depends on the level of information needed when creating groups. If minimal information is needed, the Create Group Simple method is the best option as the form used with the method provides less fields and options. If however, you need to input more information or configure more properties for the group, then the Create Group Advanced method is the best option.

This topic demonstrates how to create an Active Directory group using both methods.

Prerequisites: Before you can create AD security groups, EmpowerID must first be connected to Active Directory. For the details, see Connecting to Active Directory.

To create an AD security group in EmpowerID using the simple method

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Group management page by expanding Identities and clicking Groups.
  2. From the Actions pane of Group Manager, click the Create Group Simple action.
  3. In the Create Group form that appears, type a name and description in the Name and Description fields, respectively.
  4. Underneath Group Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
    1. Search for and select the appropriate directory location for the group.
    2. Click Save to close the Location Selector.
  5. Select the appropriate group type from the Group Type drop-down.
  6. Optionally, select Is Mail Enabled to mail-enable the group (Microsoft Exchange is required) and type any comments in the Comments or Justification field.
  7. Click Save.
  8. After creating the group, EmpowerID directs you to the group's View Page. View pages allow you to view information about a selected resource and manage that resource as needed.

To create an AD security group in EmpowerID using advanced mode

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Group management page by expanding Identities and clicking Groups.
  2. From the Actions pane of Group Manager, click the Create Group action.
  3. In the General section of the Create Group form that appears, do the following:
    1. Type a name, logon name and display name for the group in the Name, Logon Name and Display Name fields, respectively.
    2. Underneath Group Creation Location, click the Select a Location link and in the Location Selector that opens do the following:
      1. Search for and select the appropriate directory location for the group.
      2. Click Save to close the Location Selector.
    3. Select the appropriate group type from the Group Type drop-down.
    4. Optionally, select Is Mail Enabled to mail-enable the group (Microsoft Exchange is required and EmpowerID must be configured for your Exchange environment).
    5. If you selected Is Mail Enabled, select the suffix for the email address from the Email Suffix drop-down.
    6. Optionally, add any notes to the Notes field.
    7. Type a description in the Description field.
    8. Select or deselect (selected by default) Allow Join Requests. If selected, users can shop for the group in the IT Shop.
    9. Optionally, select or deselect (deselected by default) Auto-Accept Join or Leave Requests. If selected, users can self-service join and leave the group without requiring approval.
    10. Auto-Accept only works if Allow Join Requests is enabled.

  4. In the Advanced section of the Create Group form, do the following:
    1. Optionally, select Prevent Deletion in EmpowerID if you want to prevent the group from being deleted via the EmpowerID UI.
    2. Optionally, select Is High Security Group if the group meets that criteria.
    3. Optionally, if you want EmpowerID to disable the group at a future date, click the Valid Until field and select a date from the calendar control.
    4. Optionally, add any comments to the Comments or Justification field.
  5. Click Save.
  6. After creating the group, EmpowerID directs you to the group's View Page. View pages allow you to view information about a selected resource and manage that resource as needed.

To verify that the group was created in EmpowerID

  1. From the Navigation Sidebar, navigate to Change Manager by expanding System Logs and clicking Audit Log.
  2. From the Audit Log tab, type Create Group in the Search field and press ENTER. You should see a record returned for the group. This record allows you to see who requested and approved that the group be created, when it was created, etc.

To verify the group was created in Active Directory

  1. On a machine with the Active Directory Module for Windows PowerShell installed, run the following cmdlet, substituting the name of the group with your group:
  2. GET-ADGroup -filter {Name -eq "Dublin-GVR01"}

    You should see the group returned.