User Groups
User Groups are a powerful feature in AIR designed to streamline user access management across organizations, especially in large environments or those using Single Sign-On (SSO).
What Are User Groups?
Section titled “What Are User Groups?”User Groups allow you to manage users collectively instead of individually. This simplifies role assignments and organization-level access across AIR. Whether you’re handling internal teams or integrating with Azure AD or Okta, User Groups provide scalable, centralized control.
Why Use User Groups?
Section titled “Why Use User Groups?”Managing user access across multiple organizations can be time-consuming. With User Groups, you can:
- Group users by function, department, or region
- Assign them to organizations and roles in bulk
- Sync groups directly from SSO providers like Azure AD or Okta
This reduces manual overhead and ensures consistency in access management.
Accessing the User Groups Page
Section titled “Accessing the User Groups Page”To access this feature:
- Navigate to Settings → User Groups
Note: Only Global Admins can access and manage User Groups.
Creating a New User Group
Section titled “Creating a New User Group”- Click Create Group
- Enter a Group Name (e.g., “HR Team”)
- Optionally, provide a description for context
Adding Users to a Group
Section titled “Adding Users to a Group”After creating a group:
- Select users from your existing AIR user list
- Users in the group automatically inherit all organization and role assignments associated with the group
You can always view and manage group membership from the main User Groups table.
Syncing with SSO (Optional)
Section titled “Syncing with SSO (Optional)”If you’re using Azure AD or Okta:
- Toggle “Sync with SSO” when creating or editing a group
- Once enabled, group membership is pulled from your identity provider
- Manual editing of group members in AIR will be disabled
A tooltip will indicate that synced groups are read-only within AIR.
Assigning a User Group to an Organization
Section titled “Assigning a User Group to an Organization”- Go to Settings → Organizations
- Create or edit an organization
- In Step 2 of the wizard, assign the desired User Group(s)
All users in the selected group will be granted access to the organization with their predefined roles.
Managing Group Membership
Section titled “Managing Group Membership”- In the User Groups table, click the user count to view members
For SSO-synced groups, membership cannot be modified in AIR.
Safeguards When Removing Users
Section titled “Safeguards When Removing Users”Users added via a group cannot be removed individually from an organization.
To revoke access:
- Remove the user from the User Group
A tooltip will appear if removal is attempted at the individual level.
Viewing Group Membership from the Users Page
Section titled “Viewing Group Membership from the Users Page”The Users list now includes a Groups column to show which user groups a person belongs to. This offers helpful context when reviewing or auditing user access.
Notes and Limitations
Section titled “Notes and Limitations”- Only Global Admins can create and edit User Groups
- Group duplication is not yet available, but it is planned
- When a user is assigned to an organization both individually and via a group, the group assignment takes precedence
- To fully remove access, remove the user from the group
Summary
Section titled “Summary”User Groups simplify access control and scale with your environment. Benefits include:
- Centralized user and role management
- SSO directory sync support
- Consistent access inheritance across organizations
Whether you’re managing 10 users or 10,000, User Groups provide a more efficient and secure way to manage access in AIR.