App Distribution for iOS, Android and Windows
DashboardStart for free
  • Updraft App Distribution Documentation
  • Microsoft App Center Alternative
    • Windows App Distribution
    • App Center Migration Tool
  • Welcome to Updraft!
    • What is Updraft?
  • Quickstart
    • Register your Organization
    • Your first app project
      • Upload your first app versions (builds)
      • Install your app
  • Dashboard
    • Create Projects
    • Latest received Feedbacks
    • Documentation
    • Usermanagement
      • Permission Groups
      • Tester Dashboard
    • Profile & User Account
      • Profile Preferences
        • Two-factor authentication
      • Personal token
      • Notifications
      • Organizations
      • Account Settings
      • Plan & Billing
        • Free Plan
        • Paid Plan (Pay-As-You-Go)
      • Security (Single Sign-On)
        • Single Sign-On with Okta
        • Single Sign-On with Google Worspace
        • Single Sign-On with Microsoft Entra
        • Single Sign-On with JumpCloud
        • Single Sign-On with Ping Identity
        • Custom SSO (SAML)
      • Developer Accounts
        • App Store Connect API
        • Google Play Connect API
  • Your Projects
    • Project Settings
      • Overview
      • Automatically clean up build binaries
      • Notification Integrations
        • Slack integration
        • Webhook integration
        • Microsoft Teams integration
        • Discord integration
        • WebEx integration
      • User & Permissions
    • App Overview & App Settings
      • Notifications
      • Security
      • Last uploaded build
      • Add another app to your project
      • Android App Bundle (AAB)
    • Builds and App versions
      • Build history / app version history
        • iOS Resigning
        • Android Resigning
      • Release Notes
      • Exchange already uploaded app version
      • Distribute and install a pre-release version of your app
        • App download page
    • Feedback
    • App Distribution
      • Testers & Distribution Groups
      • Distribute your app
        • Single Release
        • Beta Release (one link two apps)
        • Store
          • App Store Distribution
          • Play Store Distribution
      • Release History
      • Install an app distributed from Updraft
  • Integrations
    • Jenkins Plugin Updraft
    • Fastlane
    • Gradle
    • Teamcity with Gradle (Android)
    • Teamcity
    • GitLab CI/CD
      • GitLab iOS with Fastlane
      • GitLab app distribution for iOS builds
      • GitLab app distribution for Android builds
    • Bitrise
  • API
    • Upload API
    • Upload Apps with CURL
    • Rest API
      • Distribution group and Permission group API
  • Updraft SDK
    • Autoupdate
    • Integrating Updraft Android SDK
    • Integrating Updraft iOS SDK
    • Integrating Updraft Flutter SDK
  • Android
    • Unknown sources in Android
    • .apk installation on Samsung Browser
    • Android FAQ
    • 🪅Android Icon Troubleshooting
    • Google Play Store upload issues
  • iOS
    • Untrusted Enterprise Developer
    • Code Signing Explained (Certificates, Identifiers, Profiles – what?)
    • Registering a UDID for Ad Hoc Distribution
    • What does "App could not be installed at this time" mean?
    • iPadOS on Safari
    • iOS FAQ
  • Data Security
    • Data hosting in Switzerland
      • Swiss data privacy law
    • End to end data encryption
    • General Data Protection Regulation (GDPR)
    • Single Sign On (SSO)
    • Custom Storage
      • Google Cloud Storage
      • Custom S3 bucket
    • ISO 27001
  • What's New/ Changelog
  • Roadmap
  • FAQ
  • Contact us
Powered by GitBook
On this page
  • Group Management Overview
  • Assigning permission groups to projects
  • View project members source
  • Create permission groups
  • Add permission groups to users
  • Assign permission group to project(s)
  • Mapping SAML groups to Updraft permission groups
  1. Dashboard
  2. Usermanagement

Permission Groups

Manage large group of Updraft users with permission groups

Updraft clients with a large group of Users often face the challenge of managing large teams within their Identity Providers (IdPs) like Okta or Active Directory (AD). For big organizations with thousands of testers, it is impractical to manually assign users and groups to individual projects in Updraft. Manually adding users to each project becomes a time-consuming task, especially for large enterprises.

To address these challenges, we are introducing Permission Group Management in Updraft to streamline user and group assignments across Updraft projects.

Group Management Overview

  • A Permission Group is a collection of Updraft users who can be collectively assigned to projects.

  • Users can belong to one or more permission groups within Updraft.

  • Groups can be assigned to projects, eliminating the need to add individual users manually.

Assigning permission groups to projects

  • Organization owners can invite permission groups to projects via a group invitation mechanism.

  • When adding a group to a project, the user must define the group's maximum user-role in that project (e.g., Admin, Tester or Mobile-User).

  • The maximum user-role defines the highest access level any user in the group can obtain for that project.

View project members source

Project membership origin: For clarity, Updraft shows all sources of membership for each project member. If a project member has multiple sources of membership, each instance is shown and counted separately in the list of the project members. For example, when a project member is added to a group directly and also through inheritance, they appear twice in the project member list, each entry indicating a different source, and are counted as two distinct project members.

  • When a project member is added directly the source is: direct.

  • When a project member is added by permission group the source is: the name of the permission group.

Create permission groups

On the permission group page an Owner of an organization can create new permission groups.

  1. Create a new group

  2. Add a name

  3. Save it

Add permission groups to users

There are two possibilities to add permission groups to an Updraft user:

  1. On the Users page, the Owner of an Organization is able to select permission groups for each user

  2. SSO: When SSO users log in via an SSO integration (e.g., Okta, AD), Updraft automatically discovers their group memberships from the IdP.

    1. Newly detected permission groups are automatically added to the User, simplifying group management for large organizations.

    2. When you are using SSO and you would like to mapping SSO groups with Updraft permission groups, create first the permission groups in Updraft, so that the mapping works correctly.

Assign permission group to project(s)

  1. Click on the 3 dots next to your created permission group

  2. Select the projects and related applications to which your permission group should get access

    1. you can set indivual access on app level

  3. Select the user-role (The maximum user-role defines the highest access level any user in the group can obtain for that project)

  4. Add to project

Mapping SAML groups to Updraft permission groups

In certain situations, you may need to align the SAML groups from your Identity Provider (IdP) with the group names used in Updraft. This is an optional process, required only if your IdP does not provide the actual group names, but instead sends an ID linked to the group in the IdP. You can configure this in the Settings of each SAML setup by using key/value pairs.

Updraft will automatically assign users to the right permission group.

It is important that the groups are created in Updraft (it is sufficient to enter the name of the permission group). The group mapping can then be carried out in the SAML provider. As soon as a user logs in via SSO, their group is then dedected and the user is assigned to the permission group in Updraft. This allows you to make fine granular settings for permissions down to app level - for example, you can only give your SSO user access to your test app via SSO mapping, but not to the productive app.

PreviousUsermanagementNextTester Dashboard

Last updated 6 months ago