User groups define which users a zero trust policy applies to. Each group selects users by account name, email address, mobile phone number, or organizational structure. When you create a policy, you assign one or more user groups to set its scope.
Prerequisites
Before you begin, ensure that you have:
Completed the identity source configuration. For more information, see Identity Synchronization.
Create a user group
Log on to the Secure Access Service Edge console.
In the left navigation pane, choose Identity Authentication > Identity Access.
On the User Group Management tab, click Create User Group.
In the Create User Group panel, configure the following parameters.

| Parameter | Description |
| --- | --- |
| User Group Name | A name for the user group. |
| Description | A description of the user group. |
| Group Scope | How users are selected for the group. Valid values: Organizational Structure, Account Name, Email Address, Mobile Phone Number. If you select Organizational Structure, the organizational structures from your configured and enabled identity sources are displayed for selection. If you select Account Name, the Configure Account Name field appears. If you select Email Address, the Configure Email Address field appears. If you select Mobile Phone Number, the Configure Mobile Phone Number field appears. |
| Configure Relationship | The relationship for the user group. Valid values: Equal To, Not Equal To. |

Click OK.
The new user group is automatically added to the user group list.
Manage user groups
On the User Group Management tab, you can also:
Edit: Click Edit to view or modify the user group configuration.
Delete: Click Delete to remove the user group.
What's next
After you create a user group, assign it to a zero trust policy to define which users the policy covers. For details, see Configure a zero trust policy for private access.