Groups#

Groups let you organize users into logical sets and assign roles or permissions to multiple users at once. Instead of assigning roles user by user, you create a group, assign roles to the group, and add users as members. Every user inherits the permissions of every group they belong to.

When to Use Groups#

  • Departments — Sales, Support, Engineering, Finance
  • Projects — temporary teams working on a specific initiative
  • Locations — branch offices or regional teams with different access scopes
  • External — vendors, contractors, or partners who need limited access

Creating a Group#

  1. Open SSO → Groups
  2. Click New group
  3. Enter a name and optional description
  4. Assign one or more roles to the group
  5. Save

Adding Members#

Groups can be populated in three ways:

  • Manually — select users from the directory and add them
  • From an identity provider — when a user signs in via SSO, their IdP group claims are mapped to Novaza groups automatically
  • By rule — users matching a condition (for example, email domain or job title) are added to the group automatically

Permission Inheritance#

A user’s effective permissions are the union of:

  • Roles assigned directly to the user
  • Roles inherited from every group the user belongs to

Removing a user from a group revokes only the permissions that came through that group — direct role assignments remain.

Nested Groups#

Groups can contain other groups. A child group inherits all permissions of its parents, which makes it easy to model hierarchies such as All Staff → Engineering → Backend Team.

Deleting a Group#

Deleting a group removes it from all users. Users themselves are not deleted, but they lose any permissions they inherited only from that group. This action cannot be undone.

Backward Single Sign-On Password Policies Forward

© 2026 Novaza. All rights reserved.