Chapter 40. Managing host groups using the IdM Web UI

This chapter introduces host groups in Identity Management (IdM) and describes the following operations to manage host groups and their members in the Web interface (Web UI):

  • Viewing host groups and their members
  • Creating host groups
  • Deleting host groups
  • Adding host group members
  • Removing host group members
  • Adding host group member managers
  • Removing host group member managers

40.1. Host groups in IdM

IdM host groups can be used to centralize control over important management tasks, particularly access control.

Definition of host groups

A host group is an entity that contains a set of IdM hosts with common access control rules and other characteristics. For example, you can define host groups based on company departments, physical locations, or access control requirements.

A host group in IdM can include:

  • IdM servers and clients
  • Other IdM host groups

Host groups created by default

By default, the IdM server creates the host group ipaservers for all IdM server hosts.

Direct and indirect group members

Group attributes in IdM apply to both direct and indirect members: when host group B is a member of host group A, all members of host group B are considered indirect members of host group A.

40.2. Viewing host groups in the IdM Web UI

This section describes how to view IdM host groups using the Web interface (Web UI).

Prerequisites

Procedure

  1. Click Identity → Groups, and select the Host Groups tab.

    • The page lists the existing host groups and their descriptions.
    • You can search for a specific host group.

    A screenshot of the IdM Web UI displaying the "Host Groups" page which is part of the "Groups" sub-page from the "Identity" tab. There is a search field above a table listing host groups.

  2. Click on a group in the list to display the hosts that belong to this group. You can limit results to direct or indirect members.

    A screenshot of the "Groups" page displaying details about the "ipaservers" host group.

  3. Select the Host Groups tab to display the host groups that belong to this group (nested host groups). You can limit results to direct or indirect members.

    A screenshot of the "Groups" page displaying details about the "group_name" host group.

40.3. Creating host groups in the IdM Web UI

This section describes how to create IdM host groups using the Web interface (Web UI).

Prerequisites

Procedure

  1. Click Identity → Groups, and select the Host Groups tab.
  2. Click Add. The Add host group dialog appears.
  3. Provide the information about the group: name (required) and description (optional).
  4. Click Add to confirm.

    A screenshot of the "Add host group" pop-up window displaying a "Host-group" field (required) and a Description field. At the bottom there are four buttons: "Add" - "Add and Add Another" - "Add and Edit" - "Cancel."

40.4. Deleting host groups in the IdM Web UI

This section describes how to delete IdM host groups using the Web interface (Web UI).

Prerequisites

Procedure

  1. Click Identity → Groups and select the Host Groups tab.
  2. Select the IdM host group to remove, and click Delete. A confirmation dialog appears.
  3. Click Delete to confirm

    Screenshot of the "Remove host groups" pop-up window asking if you are sure you want to delete the selected entries. There are two buttons at the bottom right: "Delete" and "Cancel."

Note

Removing a host group does not delete the group members from IdM.

40.5. Adding host group members in the IdM Web UI

This section describes how to add host group members in IdM using the web interface (Web UI).

Prerequisites

Procedure

  1. Click Identity → Groups and select the Host Groups tab.
  2. Click the name of the group to which you want to add members.
  3. Click the tab Hosts or Host groups depending on the type of members you want to add. The corresponding dialog appears.
  4. Select the hosts or host groups to add, and click the > arrow button to move them to the Prospective column.
  5. Click Add to confirm.

    Screenshot of the "Add host groups into host group group-name" pop-up window which lets you select from "Available host groups" on the left to add to a "Prospective" list on the right. There is an "Add" button at the bottom-right of the window.

40.6. Removing host group members in the IdM Web UI

This section describes how to remove host group members in IdM using the web interface (Web UI).

Prerequisites

Procedure

  1. Click Identity → Groups and select the Host Groups tab.
  2. Click the name of the group from which you want to remove members.
  3. Click the tab Hosts or Host groups depending on the type of members you want to remove.
  4. Select the check box next to the member you want to remove.
  5. Click Delete. A confirmation dialog appears.

    A screenshot of a pop-up window titled "Remove host groups from host group ipaservers." The content says "Are you sure you want to delete the selected entries" and "group_name" below that. There are "Delete" and "Cancel" buttons at the bottom right corner of the window.

  6. Click Delete to confirm. The selected members are deleted.

40.7. Adding IdM host group member managers using the Web UI

This section describes how to add users or user groups as host group member managers in IdM using the web interface (Web UI). Member managers can add hosts group member managers to IdM host groups but cannot change the attributes of a host group.

Prerequisites

  • Administrator privileges for managing IdM or User Administrator role.
  • You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
  • You must have the name of the host group you are adding as member managers and the name of the host group you want them to manage.

Procedure

  1. Click Identity → Groups and select the Host Groups tab.

    hostgroups
  2. Click the name of the group to which you want to add member managers.
  3. Click the member managers tab User Groups or Users depending on the type of member managers you want to add. The corresponding dialog appears.
  4. Click Add.

    group membermanagers
  5. Select the users or user groups to add, and click the > arrow button to move them to the Prospective column.
  6. Click Add to confirm.
Note

After you add a member manager to a host group, the update may take some time to spread to all clients in your Identity Management environment.

Verification steps

  • On the Host Group dialog, verify the user group or user has been added to the member managers list of groups or users.

    membermanager added

40.8. Removing IdM host group member managers using the Web UI

This section describes how to remove users or user groups as host group member managers in IdM using the web interface (Web UI). Member managers can remove hosts group member managers from IdM host groups but cannot change the attributes of a host group.

Prerequisites

  • Administrator privileges for managing IdM or User Administrator role.
  • You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
  • You must have the name of the existing member manager host group you are removing and the name of the host group they are managing.

Procedure

  1. Click Identity → Groups and select the Host Groups tab.

    hostgroup tab
  2. Click the name of the group from which you want to remove member managers.
  3. Click the member managers tab User Groups or Users depending on the type of member managers you want to remove. The corresponding dialog appears.
  4. Select the user or user groups to remove and click Delete.
  5. Click Delete to confirm.

    idm removing host group member managers
    Note

    After you remove a member manager from a host group, the update may take some time to spread to all clients in your Identity Management environment.

Verification steps

  • On the Host Group dialog, verify the user group or user has been removed from the member managers list of groups or users.

    remove membermanager verification