GregH.00578 (Customer) asked a question.
Group Rules
We have an application with multiple environments. (Dev, UAT, Prod)
I am using groups to control access for different clients (DevUserGroup_ClientA, DevUserGroup_ClientB etc)
Currently in Dev, I am using a group rule to add users to the appropriate group, based on a CompanyID attribute.
If I change the rule to add users to another environment based on the same attribute, all existing users will get access to the new environment.
Trouble is - not all dev & test users should get access to the production app. How can i prevent this?
Hello @GregH.00578 (Customer),
Group rules are applied to your entire org, and they can be triggered whenever you change a user's profile, group membership, or lifecycle state. Observe these best practices when creating group rules:
Review your existing rules to prevent duplicate conditions. Creating three separate rules with the same condition means that eligible users are members of three separate groups. Additional rules take longer to evaluate, and they can stretch your org's group limit.
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-group-rules-best.htm
Here are some ideas about how to create a Group Rule using Basic conditions and also using Okta Expression Language:
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-create-group-rules.htm
Please let us know if this helps you.
Regards,
Natalia
Okta Inc.