# Team & Access – Members Management

### Scope <a href="#scope" id="scope"></a>

This document explains how **Team & Access** works at the Organizational Unit (OU) level, focusing on how **Members, Groups, Roles, and Permissions** are managed together to control access.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

Start by understanding the access model:

* **Members** are individual users.
* **Groups** are collections of members.
* **Roles** define what actions are allowed.
* **Permissions** are the smallest access units contained inside roles.

> Best practice: assign permissions to **roles**, roles to **groups**, and users to **groups**.

***

### Purpose <a href="#purpose" id="purpose"></a>

* Manage who has access to an Organizational Unit
* Control what users can see and do
* Simplify access management using groups and roles
* Ensure consistent and secure permission assignment

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before managing Team & Access, ensure that:

* You have **Admin or Access Management** permission on the OU
* The Organizational Unit already exists
* Required roles are already defined (or default roles are available)

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### 1. Open Organizational Units <a href="#id-1.-open-organizational-units" id="id-1.-open-organizational-units"></a>

Navigate to **Organization → Organizational Units** and select the target OU.

***

#### 2. Open Team & Access <a href="#id-2.-open-team-and-access" id="id-2.-open-team-and-access"></a>

From the OU details page, open the **Team & Access** section.

**This section includes:**

* Members
* Groups
* Roles & Permissions

***

#### 3. Manage Members <a href="#id-3.-manage-members" id="id-3.-manage-members"></a>

Members represent individual users within the OU.

**You can:**

* View all members in the OU
* Invite new members
* Remove existing members
* View assigned roles (direct or via group)

***

#### 4. Add a Member <a href="#id-4.-add-a-member" id="id-4.-add-a-member"></a>

1. Click **Add Member**
2. Enter the user’s email
3. Assign one or more groups
4. (Optional) Assign a role directly
5. Confirm the invitation

> **Note**: Direct role assignment should be limited to special cases.

***

#### 5. Manage Groups <a href="#id-5.-manage-groups" id="id-5.-manage-groups"></a>

Groups help organize members and simplify permission management.

**You can:**

* Create a new group
* Add or remove members from a group
* Assign roles to a group

**Example groups:**

* QA Team
* Backend Team
* Security Admins

**5.1 Add a Group to the Workspace**

1. Click **+ Add groups**.
2. Search and select a group by name or code
3. Confirm to **Assign** the group.

> Members of the added group will automatically gain access to the workspace.

***

**5.2 View Group Members**

1. In the Groups list, click the **Action (⋯)** menu of a group.
2. Select **View members**.
3. A side panel opens showing:
   * Member name
   * Email
   * Added date
   * Added by

This view is read-only and reflects members synced from the organization.

***

**5.3 Manage Roles for a Group**

1. In the Groups list, open the **Action (⋯)** menu.
2. Select **Manage roles**.
3. Choose one or more roles from **Select roles**.
4. Assigned roles define the permissions for all members of this group within the workspace.

> Any role change applies immediately to all current and future group members.

***

**5.4 Remove a Group from the Workspace**

1. Open the **Action (⋯)** menu of the group.
2. Select **Remove**.&#x20;
3. Confirm the removal.

**Warning**:

* Removing a group will revoke **all roles and permissions** granted through this workspace for its members.
* The group itself is not deleted from the organization.

***

#### 6. Manage Roles & Permissions <a href="#id-6.-manage-roles-and-permissions" id="id-6.-manage-roles-and-permissions"></a>

**Roles**

Roles are collections of permissions.

**You can:**

* View predefined roles
* Create custom roles (if supported)
* Assign roles to groups or members

**Permissions**

Permissions define specific allowed actions, such as:

* Read resources
* Create or update data
* Manage access settings

Permissions are not assigned directly to users — they are always part of a role.

***

### Result <a href="#result" id="result"></a>

After completing these steps:

* Members have controlled access to the OU
* Permissions are consistently applied through roles
* Groups simplify onboarding and access updates
* The OU follows security and access best practices

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/business-account/administrator/team-and-access/manage-access-at-ou-and-workspace-level/manage-workspace-level/team-and-access-members-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.