Permission Groups
This feature will be available soonish.
Updraft clients with a large group of Users often face the challenge of managing large teams within their Identity Providers (IdPs) like Okta or Active Directory (AD). For big organizations with thousands of testers, it is impractical to manually assign users and groups to individual projects in Updraft. Manually adding users to each project becomes a time-consuming task, especially for large enterprises.
To address these challenges, we are introducing Permission Group Management in Updraft to streamline user and group assignments across Updraft projects.
Group Management Overview
A Permission Group is a collection of Updraft users who can be collectively assigned to projects.
Users can belong to one or more permission groups within Updraft.
Groups can be assigned to projects, eliminating the need to add individual users manually.
Assigning permission groups to projects
Organization owners can invite permission groups to projects via a group invitation mechanism.
When adding a group to a project, the user must define the group's maximum user-role in that project (e.g., Admin, Tester or Mobile-User).
The maximum user-role defines the highest access level any user in the group can obtain for that project.
Create permission groups
On the permission group page an Owner of an organization can create new permission groups.
Create a new group
Add a name
Save it
Add permission groups to users
There are two possibilities to add permission groups to an Updraft user:
On the Users page, the Owner of an Organization is able to select permission groups for each user
SSO: When SSO users log in via an SSO integration (e.g., Okta, AD), Updraft automatically discovers their group memberships from the IdP.
Newly detected permission groups are automatically added to the User, simplifying group management for large organizations.
When you are using SSO and you would like to mapping SSO groups with Updraft permission groups, create first the permission groups in Updraft, so that the mapping works correctly.
Assign permission group to project(s)
Click on the 3 dots next to your created permission group
Select the projects and related applications to which your permission group should get access
you can set indivual access on app level
Select the user-role (The maximum user-role defines the highest access level any user in the group can obtain for that project)
Add to project
Mapping SAML groups to Updraft permission groups
In certain situations, you may need to align the SAML groups from your Identity Provider (IdP) with the group names used in Updraft. This is an optional process, required only if your IdP does not provide the actual group names, but instead sends an ID linked to the group in the IdP. You can configure this in the Settings of each SAML setup by using key/value pairs.
Updraft will automatically assign users to the right permission group.
It is important that the groups are created in Updraft (it is sufficient to enter the name of the permission group). The group mapping can then be carried out in the SAML provider. As soon as a user logs in via SSO, their group is then dedected and the user is assigned to the permission group in Updraft. This allows you to make fine granular settings for permissions down to app level - for example, you can only give your SSO user access to your test app via SSO mapping, but not to the productive app.
Last updated