RBAC groups Enterprise
With user groups, you can assign role bindings to the users of your organization in bulk.
Groups are available for Nobl9 Enterprise Edition customers who have configured the SCIM synchronization with their Identity Provider (IdP), for example, Azure AD or Okta.
Importing RBAC groupsβ
To create a user group in Nobl9, an Organization admin synchronizes the group data from the organization's IdP. After a successful Nobl9 SCIM-IdP synchronization, an Organization admin can view the group in Nobl9.
Organization admins can set role bindings for the imported groups from an IdP on the Nobl9 Web or using the sloctl apply command for the group RoleBindings.
To view the created group on the Nobl9 Web, Organization admins go to Settings > Groups:
To check groups assigned to a specific user, go to Settings > Users on the Nobl9 Web. Click the required user and open the Groups tab:
All users groupβ
Every organization with an Enterprise plan includes a default group, automatically created to simplify managing access for all users. This group contains every user in the organization, making it easy to assign project roles that apply globally.
Key details about the all users group group:
- The All users group is listed under the Settings > Groups tab. It's always on top of the list and is marked by the
icon. - By default, the group doesn't have any roles assigned. Organization admins can assign one role to it on the Nobl9 Web. Using
sloctl, they can add or remove roles in bulk. - The group's details page provides the group management options under the following tabs:
- Users: the list of users in the group
- Projects and roles: the project roles assigned to this group
- Organization roles: the organization roles assigned to this group
In Nobl9 RBAC, permissions aggregate across different assignments. Suppose an admin assigns a role (for example, Organization Viewer) to the default group, and an individual user has a specific role (for example, Integrations User).
In that case, the user retains all permissions from both roles. Individual assignments do not override or remove permissions inherited from the default groupβthey combine.
For organizations without SCIM integration, this is the only group visible in the "Groups" tab.