Groups let you combine Mobility Suite users who have something in common. If you want to give members of the group permission to perform specific tasks, you can assign one or more roles to the group. Once you set up a group, you can easily assign app policies, manage devices, control content, etc., based on those groups. For example, you might create a group called "Finance" that consists of all of the registered Mobility Suite users who work in the Finance department. You can create apps that for solely for use by the Finance department and assign those policies just to the "Finance" group.
Users in groups fall into one or more of the following categories:
Users who develop and publish apps, manage devices and content, and perform administrative tasks within Mobility Suite.
After you have defined your roles, you can assign those roles to groups. For example, you can assign the Publishers role to the Publishers group. Everyone in the Publishers group can perform all the tasks that you defined for the Publishers role.
End users who access Mobility Suite to download content and apps and whose devices you want to secure and manage.
Creating groups for your end users makes it easier to define what policies apply to these users. For example, you can create a group called Finance. Then you can create app policies that only members of the Finance group can access.
Mobility Suite installs with default groups that correspond with the default roles (i.e., administrators, developers, publishers, and managers). There is also the default groups all, which consists of all of the users who have registered with Mobility Suite. A single user can be in multiple groups.
You should set up your groups in Mobility Suite before you configure your identity provider (IDP) so that when you configure the IDP, you can map users to the Mobility Suite groups that you created. Thereafter, you can create, delete, or modify groups as needed. You set up and manage groups in the same manner regardless of which IDP you use.
As you create a group, you can specify what roles (if any) you want to apply to the group. After you create a group, you can apply policies to the group, set up device management policies, and so on. When you configure an external IDP, you can map the IDP's groups to your Mobility Suite groups. This way, you do not have to individually add members to groups.
In the Group name field, type the name for the new group.
Click the Group permissions box and select all of the roles that you want to assign to your new group.
In the Members box, type the name of a user that you want to add to this group, and then click Add. Repeat this step for each user that you want to add.
Tip: As you begin typing, Mobility Manager suggests user names.
If you use an external IDP, you can map the IDPs groups to your Mobility Suite groups. Users automatically are added to the appropriate groups based on the group mappings when they enroll with Mobility Suite.
To limit the members of the new group to viewing just the devices and/or users in a specific subgroup, click the Admins who can manage this group box and select the subgroup.
You must have selected a role that includes View Devices and/or View Users.
For example, you want the members of this new group to be able to view only the East Coast Managers devices. So you select a role that includes the rights to View Devices and in the Admin Scope box, you select the group East Coast Managers.