A managed group is a resource that represents a collection of accounts. The collection is formed by evaluating account information defined by the auth method's identity provider against the managed group's configuration; members cannot be managed manually. An account can be associated with zero or more managed groups within the same auth method. The managed group can be used as a principal within roles to assign grants.
All managed group types have the following configurable attributes:
Membership in OIDC managed groups is evaluated when the auth method is used for authentication, based on information contained within the OIDC ID token and the OIDC User Info endpoint. Every authentication will result in a new evaluation of managed group membership.
OIDC managed groups have the following additional attributes:
filter- (required) A boolean expression defining a filter run against the provided information. For general syntax information see the filtering concepts page; for more specific information on the data available for this purpose see the OIDC Managed Groups Filtering page.
Membership in LDAP managed groups is evaluated when the auth method is used for authentication, based on information contained within the LDAP server. Every authentication results in a new evaluation of managed group membership. LDAP managed groups have the following additional attributes:
group-names- (required) A list of group names.
The following services are relevant to this resource:
Refer to the Manage Users and Groups with HCP Boundary tutorial to learn how to complete user management related tasks.