Red Hat SummitChapter 43. Managing host groups using the IdM Web UI
Manage host groups and their members in Identity Management (IdM) using the Web UI to organize hosts for easier policy management. Host groups simplify the application of access control rules and other policies to multiple hosts.
For general information about host groups, see Section 42.1, “Host groups in IdM”.
43.1. Viewing host groups in the IdM Web UI
View host groups and their members by using the Identity Management (IdM) Web UI to understand how hosts are organized and which hosts or nested groups belong to each host group.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
Procedure
- Click Identity>Groups, and select the Host Groups tab. The Host Groups page lists the existing host groups and their descriptions. You can also search for a specific host group.
- Click on a group in the list to display the hosts that belong to this group. You can limit results to direct or indirect members.
- Select the Host Groups tab to display the host groups that belong to this group (nested host groups). You can limit results to direct or indirect members.
43.2. Creating host groups in the IdM Web UI
Create host groups using the Identity Management (IdM) WebUI to organize and manage multiple hosts as a single unit. Host groups simplify policy application and administrative tasks across your infrastructure.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
Procedure
-
Click Identity
Groups, and select the Host Groups tab. - Click Add. The Add host group dialog appears.
- Provide the information about the group: name (required) and description (optional).
- Click Add to confirm.
43.3. Deleting host groups in the IdM Web UI
You can delete host groups using the Identity Management (IdM) WebUI. Deleting a host group does not delete the group members from IdM.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
Procedure
- Click Identity>Groups and select the Host Groups tab.
- Select the IdM host group to remove, and click Delete. A confirmation dialog appears.
- Click Delete to confirm
43.4. Adding host group members in the IdM Web UI
Add hosts to host groups using the Identity Management (IdM) Web UI to apply policies and access controls to multiple systems collectively. Host groups simplify administration by managing related systems as a single unit.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
Procedure
-
Click Identity
Groups and select the Host Groups tab. - Click the name of the group to which you want to add members.
- Click the tab Hosts or Host groups depending on the type of members you want to add. The corresponding dialog appears.
- Select the hosts or host groups to add, and click the > arrow button to move them to the Prospective column.
- Click Add to confirm.
43.5. Removing host group members in the IdM Web UI
Remove hosts or nested host groups from an Identity Management (IdM) host group in the IdM Web UI to revoke their membership-based policies and access.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
Procedure
-
Click Identity
Groups and select the Host Groups tab. - Click the name of the group from which you want to remove members.
- Click the tab Hosts or Host groups depending on the type of members you want to remove.
- Select the checkbox next to the member you want to remove.
- Click Delete. A confirmation dialog appears.
- Click Delete to confirm. The selected members are deleted.
43.6. Adding IdM host group member managers using the Web UI
Designate users or user groups as member managers using the Identity Management (IdM) Web UI to delegate host group membership management. Member managers can add or remove hosts from groups without having full administrative privileges.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
- You must have the name of the host group you are adding as member managers and the name of the host group you want them to manage.
Procedure
- Click Identity>Groups and select the Host Groups tab.
- Click the name of the group to which you want to add member managers.
- Click the member managers tab User Groups or Users depending on the type of member managers you want to add. The corresponding dialog appears.
- Click Add.
- Select the users or user groups to add, and click the > arrow button to move them to the Prospective column.
Click Add to confirm.
NoteAfter you add a member manager to a host group, the update may take some time to spread to all clients in your Identity Management environment.
Verification
On the Host Group dialog, verify the user group or user has been added to the member managers list of groups or users.
43.7. Removing IdM host group member managers using the Web UI
Remove users or user groups as host group member managers in Identity Management (IdM) by using the IdM Web UI to revoke their ability to manage group membership. Member managers can add and remove group members but cannot change the attributes of the host group.
Prerequisites
- Administrator privileges for managing IdM or User Administrator role.
- You are logged-in to the IdM Web UI. For details, see Accessing the IdM Web UI in a web browser.
- You must have the name of the existing member manager host group you are removing and the name of the host group they are managing.
Procedure
- Click Identity>Groups and select the Host Groups tab.
- Click the name of the group from which you want to remove member managers.
- Click the member managers tab User Groups or Users depending on the type of member managers you want to remove. The corresponding dialog appears.
- Select the user or user groups to remove and click Delete.
Click Delete to confirm.
NoteAfter you remove a member manager from a host group, the update may take some time to spread to all clients in your Identity Management environment.
Verification
On the Host Group dialog, verify the user group or user has been removed from the member managers list of groups or users.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}