# User Groups

**User Groups** are a powerful feature in AIR designed to streamline user access management across organizations, especially in large environments or those using Single Sign-On (SSO).

### What Are User Groups?

User Groups allow you to manage users collectively instead of individually. This simplifies role assignments and organization-level access across AIR. Whether you're handling internal teams or integrating with Azure AD or Okta, User Groups provide scalable, centralized control.

### Why Use User Groups?

Managing user access across multiple organizations can be time-consuming. With User Groups, you can:

* Group users by function, department, or region
* Assign them to organizations and roles in bulk
* Sync groups directly from SSO providers like **Azure AD** or **Okta**

This reduces manual overhead and ensures consistency in access management.

### Accessing the User Groups Page

To access this feature:

* Navigate to **Settings** → **User Groups**

> *Note: Only Global Admins can access and manage User Groups.*

### Creating a New User Group

1. Click **Create Group**
2. Enter a **Group Name** (e.g., "HR Team")
3. Optionally, provide a description for context

### Adding Users to a Group

After creating a group:

1. Select users from your existing AIR user list
2. Users in the group automatically inherit all organization and role assignments associated with the group

> *You can always view and manage group membership from the main User Groups table.*

### Syncing with SSO (Optional)

If you're using Azure AD or Okta:

* Toggle **"Sync with SSO"** when creating or editing a group
* Once enabled, group membership is pulled from your identity provider
* Manual editing of group members in AIR will be disabled

> *A tooltip will indicate that synced groups are read-only within AIR.*

### Assigning a User Group to an Organization

1. Go to **Settings** → **Organizations**
2. Create or edit an organization
3. In **Step 2** of the wizard, assign the desired User Group(s)

All users in the selected group will be granted access to the organization with their predefined roles.

### Managing Group Membership

* In the **User Groups** table, click the **user count** to view members

> *For SSO-synced groups, membership cannot be modified in AIR.*

### Safeguards When Removing Users

Users added via a group **cannot be removed individually** from an organization.

To revoke access:

* Remove the user from the **User Group**

> *A tooltip will appear if removal is attempted at the individual level.*

### Viewing Group Membership from the Users Page

The **Users** list now includes a **Groups** column to show which user groups a person belongs to. This offers helpful context when reviewing or auditing user access.

### Notes and Limitations

* Only **Global Admins** can create and edit User Groups
* **Group duplication** is not yet available, but it is planned
* When a user is assigned to an organization both individually and via a group, the **group assignment takes precedence**
  * To fully remove access, remove the user from the group
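
The following is an added example, not part of AIR or its documentation: a small Python model of the inheritance, precedence, and removal rules above, for reasoning about where access must be revoked during an access review. The data structures, names, and sample records are constructed assumptions, not an AIR export or API format.

```python
# Constructed sample data. The structure is an assumption for illustration,
# not an AIR export or API format.
GROUPS = {
    "HR Team": {"members": {"alice", "bob"}, "sso_synced": False},
    "IR Analysts": {"members": {"bob", "carol"}, "sso_synced": True},
}
ORG_GROUPS = {"EMEA": {"HR Team"}, "APAC": {"IR Analysts"}}  # org -> assigned groups
ORG_USERS = {"EMEA": {"alice", "dave"}, "APAC": set()}       # org -> individual users


def audit(user, org):
    """Explain why `user` can reach `org` and where that access is revoked."""
    individual = user in ORG_USERS.get(org, set())
    groups = sorted(
        g for g in ORG_GROUPS.get(org, set()) if user in GROUPS[g]["members"]
    )
    if not individual and not groups:
        return None  # no access to this organization
    if groups:
        # Group-granted access cannot be removed per user on the organization;
        # membership must change. Synced groups are read-only in AIR, so the
        # change is made in the identity provider (inferred from the sync rule).
        revoke_via = [
            ("identity provider" if GROUPS[g]["sso_synced"] else "AIR User Groups", g)
            for g in groups
        ]
    else:
        revoke_via = [("organization user list", org)]
    return {
        "source": "group" if groups else "individual",  # group takes precedence
        "groups": groups,
        "also_individual": individual and bool(groups),
        "revoke_via": revoke_via,
    }


def report():
    """Audit every user against every organization, skipping pairs with no access."""
    users = set().union(*(g["members"] for g in GROUPS.values()), *ORG_USERS.values())
    rows = {}
    for org in sorted(ORG_GROUPS.keys() | ORG_USERS.keys()):
        for user in sorted(users):
            result = audit(user, org)
            if result:
                rows[(user, org)] = result
    return rows


if __name__ == "__main__":
    for (user, org), row in report().items():
        print(user, org, row["source"], row["revoke_via"])
```

Rows with `also_individual` set are the ones to review by hand: the page states only that the group assignment takes precedence, so confirm in AIR whether the individual assignment remains after the user leaves the group.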

### Summary

**User Groups** simplify access control and scale with your environment. Benefits include:

* Centralized user and role management
* SSO directory sync support
* Consistent access inheritance across organizations

Whether you're managing 10 users or 10,000, User Groups provide a more efficient and secure way to manage access in AIR.
