• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Boundary
  • Install
  • Tutorials
  • Documentation
  • API
  • Try Cloud(opens in new tab)
  • Sign up
Boundary Home

Docs

Skip to main content
  • Docs
    • Overview
    • Service Discovery
      • Overview
      • Accounts
      • Auth Methods
      • Credentials
      • Credential Libraries
      • Credential Stores
      • Groups
      • Hosts
      • Host Catalogs
      • Host Sets
      • Managed Groups
      • Scopes
      • Sessions
      • Session Connections
      • Targets
      • Roles
      • Users
  • Common Workflows


  • HCP Boundary


  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Boundary
  3. Docs
  4. Concepts
  5. Domain Model
  6. Managed Groups
  • Boundary
  • v0.10.x
  • v0.9.x
  • v0.8.x
  • v0.7.x
  • v0.6.x
  • v0.5.x
  • v0.4.x
  • v0.3.x
  • v0.2.x
  • v0.1.x

ยปManaged Groups

A managed group is a resource that represents a collection of accounts. The collection is formed by evaluating account information defined by the auth method's identity provider against the managed group's configuration; members cannot be managed manually. An account can be associated with zero or more managed groups within the same auth method. The managed group can be used as a principal within roles to assign grants.

Attributes

All managed group types have the following configurable attributes:

  • name - (optional) If set, the name must be unique within the account's auth method.

  • description - (optional)

OIDC Managed Group Information and Attributes

Membership in OIDC managed groups is evaluated when the auth method is used for authentication, based on information contained within the OIDC ID token and the OIDC User Info endpoint. Every authentication will result in a new evaluation of managed group membership.

OIDC managed groups have the following additional attributes:

  • filter - (required) A boolean expression defining a filter run against the provided information. For general syntax information see the filtering concepts page; for more specific information on the data available for this purpose see the OIDC Managed Groups Filtering page.

Referenced By

  • Accounts
  • Auth Method

Service API Docs

The following services are relevant to this resource:

  • Managed Group Service

Tutorial

Refer to the Manage Users and Groups with HCP Boundary tutorial to learn how to complete user management related tasks.

Edit this page on GitHub

On this page

  1. Managed Groups
  2. Attributes
  3. Referenced By
  4. Service API Docs
  5. Tutorial
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)