How to: Create User groups

Last modified: Monday July 31, 2023.

User groups provide a convenient way to set permissions and group users. You can assign the system permissions, roles, sites, and device groups that apply to each user group.

User groups and SSO

For users added to Aware by single sign-on (SSO), you can assign them to the default Aware user group, or the Identity provider (IdP) can provide the user group.

When using the Use 'User group' set from SAML provider option, any changes to the user group name after setting up SSO could cause all users within that group to be unable to log in using SSO to your deployment.

Prerequisites

Only users with the Administrator role can access the Users tools.
User groups use System permissions settings; ensure you have configured the System permissions you need for your User groups.

If you cannot see buttons across the bottom of the browser window, click the footer handle icon.

Task — Create or edit a User group

Log in to Alta Aware as an Administrator.
Click Users, or click Add new tool, then select Users.
From the Users tool, open User groups.
1. To create a new User group, click Add user group and enter a name.
2. To edit an existing group, click on its name.
3. To rename a User group, click on its name twice.
To force users in this User group to use 2 factor authentication each time they sign into Aware, check Require 2 factor authentication when signing in.
2 factor authentication is not available for users that sign in using SAML single sign-on (SSO).
To prevent users in this User group from using the Alta Aware mobile apps, check Block mobile app access.
To limit the IP addresses from which users in this user group can access Aware, check Allowed IP ranges and select the required IP ranges from the drop-down list.
1. To define an allowed IP range, click . Choose and enter the required details.
2. To edit an allowed IP range, click . Select the required IP range and click .
3. To remove an allowed IP range, hover over it and click .
To restrict the times that users in this User group can sign into your Aware deployment, check Restrict sign in times. When checked, the Days & time sub-section is enabled.
1. Select the relevant Timezone for the schedule.
2. Click + Add more to create a time schedule.
3. Define the days and times when users in this User group can sign into your Aware deployment.
4. Click + Add more to add another time period to the schedule, for example, weekend times where the times are different to weekdays.
Select the System permissions to assign to this User group. System permissions are determined by assigning a user role to the group.
1. To review or modify the system permissions for a role, click .
2. To create a new role, click and choose .
3. Permissions are arranged by areas of the user interface:
  - System
  - Users
  - Devices
  - Sensor accounts
  - Rules
  - System rules
  - System alarms
  - Counts
  - Access Control
Select the Device permissions to assign to this User group. Device permissions are determined by assigning a user role to the group.
1. To preview the selected permissions, click the Preview permissions icon.
2. To modify the device permission for a role, click the adjacent field and select any required Site and device groups or Custom labels.
3. To add more device permissions, click + Add more permissions.
4. To remove a role and its permissions, click Remove permissions.
Click Done.

Task — Set the default User group

You can set the default user group assigned to users automatically added to Aware, such as single sign-on users.

From the Users tool, open User groups.
Right click on the required user group and select Set as default user group.
Read the warning and choose Ok.
Click Done.

Task — Delete a User group

From the Users tool, open User groups.
Select the User group to be deleted.
Click the Remove User group button.
Chose Delete and click Done.