Help Center Home > Device Groups > Assign a Device Group or Policy Group

Assign a Device Group or Policy Group

After you create your device groups, you can save time by connecting device groups to user groups or connecting policy groups to device groups. Access to all resources is implicitly denied by default.  

Assigning a Device Group to a User Group

Warning:

Binding a user group to a device group will create a local user account for each user in the user group on each device in the device group. Adding a large number of user accounts to a device may prevent it from operating correctly.

To grant access, user groups must be explicitly bound to resources. 

To assign a device group to a user group:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to DEVICE MANAGEMENT > Device Groups.
  3. Select any one of the device groups by clicking anywhere along each row.
  4. Select the User Groups tab.
  5. Select the checkbox next to a group of users.
  1. Click save.

Assigning a Policy Group to a Device Group

You can save time by creating a policy group, adding multiple policies to it, and assigning the group to a device group. For example, you can create a policy group for macOS devices called Mac Security that uses JumpCloud’s Lock Screen policy to automatically turn on the screen saver if a device is inactive for a specific amount of time. The policy group could also contain a policy to control Apple App Store purchases to allow only updates to existing apps.

A policy group is especially useful in implementing security or compliance-related issues on managed devices.

Prerequisite:

To assign a policy group to a device group:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to DEVICE MANAGEMENT > Device Groups.
  3. Select any one of the device groups by clicking anywhere in the row.
  4. Select the Policy Groups tab.
  5. Select one or more policy groups to assign to this device group.
  1. Click save.

Setting the Administrator/Sudo Permissions on a User Group

Setting Administrator/Sudo permission at the user group level centralizes management of elevated device permissions in a single place. Permissions set at the user group level will be applied to the associated device groups. Group members will inherit permissions to devices that are associated with those device groups.

Considerations:

  • Permissions that are granted directly on a user supersede permissions granted at a group level.  
  • It’s possible to have permissions added on both the direct user association to the device and the indirect group association to the device. This is visible on the association of a user and a device. (See example image below).  
  • It’s possible to remove duplicate permission assignments on a user to device association via removing the elevated permission on the associated device by selecting “No Elevated Permissions” or via removing the user from the group.  
  • If permissions are elevated on a direct association prior to a group association, it may be desirable to remove the duplicate access grants.

To give users within a user group Administrator/Sudo access across all device groups:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to USER MANAGEMENT > User Groups.
  3. Select a user group from the list. The Details tab for that user group appears.
  1. Select Enable users as Administrator/Sudo on all devices associated through device groups checkbox and click save. All users in that user group will be given administrator permissions on all devices bound to any device group associated to the user group. A “Permission Settings Update” email notification is sent. 

Note:

The Global Passwordless Sudo setting is applicable to Linux and Mac devices and only recommended for service accounts.

image
Back to Top

List IconIn this Article

Notebook IconLearn More

Create a Device Group

Create a Policy

Course: Leveraging User and Device Groups

Tutorial: Device Groups

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case