When JumpCloud groups are created, by default they are Static User Groups<\/strong> – groups with fixed memberships that must be changed manually. Static user groups are best for situations when the membership is primarily unchanging, and the membership in the group cannot be formed using an easily-defined criteria. But, modern-day IT operations are complex and challenging. IT admins no longer manage Windows-only environments with local users secured by a firewall. Today’s trends entail enterprise mobility, BYOD management, multi-OS environments, etc., making IT operations both complex and crucial.<\/p>\n\n\n\n
Dynamic User Groups<\/strong> facilitate automatic membership changes, depending upon the membership conditions set by the admin. If a user meets a meets particular criteria, they get added to a group. Likewise, if a user no longer meets the criteria, they are automatically removed from the group. Onboarding new users or adjusting group membership when conditions change for individual users and groups is seamlessly and instantly completed.<\/p>\n\n\n\n
Benefits of Dynamic User Groups: <\/p>\n\n\n\n
<\/p><\/div>
Guide Me: Enable and Configure Dynamic User Groups<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
If Require administrator review of updates<\/strong> is not selected, dynamic group membership changes will be automatic with no notification. As a result, you may experience unplanned system disruptions. It is highly recommended to use the Require administrator review of updates<\/strong> option first to verify group membership changes. After verifying group membership is functioning as desired, then deselect this option.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
There is no validation when creating a dynamic user group, so you can potentially create illogical or contradictory user group rules resulting in incorrect group membership. Previewing your group’s membership before saving it is highly recommended.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
At this time, the following operators will only work with one value. The plus icon will be greyed out.<\/p>\n\n\n\n
<\/p><\/div>
The values are case-sensitive<\/strong> and must match exactly<\/strong> to what is entered in the user’s record. Using the example below, if the dynamic group’s rule is Location equals “Ft. Lauderdale” and the user’s Location is “Ft Lauderdale” (without the period), the user will not be included in the group membership.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Custom attributes can be used to store additional information about your users that isn\u2019t provided in one of JumpCloud’s standard user attributes. There are some limitations when configuring custom attributes for users<\/a> and other limitations when using those custom attributes for dynamic group membership:<\/p>\n\n\n\n
When configuring a dynamic user group, you have the option to enable Require administrator review of updates<\/strong> before membership changes are made. All administrators, except those with Read Only or Help Desk roles<\/a>, will be able to review and accept or reject membership updates in the Admin Portal. You can also enable Receive emails when administrator review is needed for updates<\/strong> to receive Suggestions emails. <\/p>\n\n\n\n
<\/p><\/div>
Actions to unbind a policy* that has been bound to a user or device through its membership in a dynamic group will not take effect; the rules of the dynamic group will re-bind the user or device. If you want to remove a policy* from an individual user or device, you must create an exemption for that user or device within the dynamic group.<\/p>\n\n\n\n
*Or other types of bindings, such as SSO applications, commands or software.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
The workflow below shows three different flows when implementing Dynamic User Groups with user exemptions.<\/p>\n\n\n\n
<\/p><\/div>
Configure groups strategically using rules to result in the targeted membership, using exemptions sparingly. If you find you can’t reach the desired group membership without a large number of exemptions, reach out to JumpCloud so that we can understand what additional rules or conditions may be needed.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
Exemptions configured to include or exclude a user from a user group are NOT<\/strong> reflected in the Preview Group Membership<\/strong> modal. You can review the Exemptions List by looking at the pills beneath Users to include<\/strong> or Users to exclude<\/strong> or by navigating to the group’s Users <\/strong>tab and confirming that Manual Include<\/strong> is listed for that user in the Exemption <\/strong>column.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
When JumpCloud groups are created, by default they are Static User Groups – groups with fixed memberships that must be […]<\/p>\n","protected":false},"author":206,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2856,2928,2852,2933,2850],"support_tag":[],"coauthors":[2842],"acf":[],"yoast_head":"\n