Groups

The Groups page allows you to create groups of members, based on roles and locations. For example, it allows you to apply a Policy to multiple members or restrict access only to a segment of the network.

Note - Segmenting networks uses the Software Defined Perimeter (SDP) technology. This isolates sensitive data and reduces the attack surface, minimizing the impact during security breaches.

To view the Groups page, access the Harmony SASE Administrator Portal and click Team > Groups.

Column	Description
Group	Group name.
Networks	Name of the networks assigned to the group.

Creating a Group

1. Access the Harmony SASE Administrator Portal and click Team > Groups.

2. Click Add Group.

   The Create new group window appears.

   

   Note - You can search and select users in the Assign new members section in the right-pane.

3. Enter the group name and click Create Group.

4. To add members to the group:

   1. Click the icon in the last column of the group and then select Manage Members.

      

   2. In the Assign new members section, click + and select the required members.

5. To add networks to a group or to grant access to a network segment:

   1. Click the icon in the last column of the group and then select Manage Networks.

      

      The Assign Network to Group pop-up appears.

   2. Select the network and click Done.

      The members can access only the selected networks from the Harmony SASE Agent.

6. To delete a group, hover over the group that you want to delete and click .

   

   The Delete Group window appears.

   

7. Click Delete Group.

   Notes: A group can also be automatically created as a result of an IDP sync over SCIM, and associate users with it. When a group is deleted in the Identity Provider (for example, Okta), it remains in any policies or configurations where it was previously used. It appears greyed out and when you hover over it, Deleted Group message is displayed. You cannot add the deleted group in any policies, but it can be removed from the existing policies. When the deleted group is re-enabled, it is restored without any members. To add members again, you must manually assign them through the IdP.