> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/organization-admin-app/administrator/team-and-access/manage-access-at-ou-and-workspace-level/manage-workspace-level/team-and-access-members-management.md).

# Team & Access – Members Management

### Scope <a href="#scope" id="scope"></a>

This document explains how **Team & Access** works at the Organizational Unit (OU) level, focusing on how **Members, Groups, Roles, and Permissions** are managed together to control access.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

Start by understanding the access model:

* **Members** are individual users.
* **Groups** are collections of members.
* **Roles** define what actions are allowed.
* **Permissions** are the smallest access units contained inside roles.

> Best practice: assign permissions to **roles**, roles to **groups**, and users to **groups**.

***

### Purpose <a href="#purpose" id="purpose"></a>

* Manage who has access to an Organizational Unit
* Control what users can see and do
* Simplify access management using groups and roles
* Ensure consistent and secure permission assignment

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before managing Team & Access, ensure that:

* You have **Admin or Access Management** permission on the OU
* The Organizational Unit already exists
* Required roles are already defined (or default roles are available)

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### 1. Open Organizational Units <a href="#id-1.-open-organizational-units" id="id-1.-open-organizational-units"></a>

Navigate to **Organization → Organizational Units** and select the target OU.

***

#### 2. Open Team & Access <a href="#id-2.-open-team-and-access" id="id-2.-open-team-and-access"></a>

From the OU details page, open the **Team & Access** section.

**This section includes:**

* Members
* Groups
* Roles & Permissions

***

#### 3. Manage Members <a href="#id-3.-manage-members" id="id-3.-manage-members"></a>

Members represent individual users within the OU.

**You can:**

* View all members in the OU
* Invite new members
* Remove existing members
* View assigned roles (direct or via group)

***

#### 4. Add a Member <a href="#id-4.-add-a-member" id="id-4.-add-a-member"></a>

1. Click **Add Member**
2. Enter the user’s email
3. Assign one or more groups
4. (Optional) Assign a role directly
5. Confirm the invitation

> **Note**: Direct role assignment should be limited to special cases.

***

#### 5. Manage Groups <a href="#id-5.-manage-groups" id="id-5.-manage-groups"></a>

Groups help organize members and simplify permission management.

**You can:**

* Create a new group
* Add or remove members from a group
* Assign roles to a group

**Example groups:**

* QA Team
* Backend Team
* Security Admins

**5.1 Add a Group to the Workspace**

1. Click **+ Add groups**.
2. Search and select a group by name or code
3. Confirm to **Assign** the group.

> Members of the added group will automatically gain access to the workspace.

***

**5.2 View Group Members**

1. In the Groups list, click the **Action (⋯)** menu of a group.
2. Select **View members**.
3. A side panel opens showing:
   * Member name
   * Email
   * Added date
   * Added by

This view is read-only and reflects members synced from the organization.

***

**5.3 Manage Roles for a Group**

1. In the Groups list, open the **Action (⋯)** menu.
2. Select **Manage roles**.
3. Choose one or more roles from **Select roles**.
4. Assigned roles define the permissions for all members of this group within the workspace.

> Any role change applies immediately to all current and future group members.

***

**5.4 Remove a Group from the Workspace**

1. Open the **Action (⋯)** menu of the group.
2. Select **Remove**.&#x20;
3. Confirm the removal.

**Warning**:

* Removing a group will revoke **all roles and permissions** granted through this workspace for its members.
* The group itself is not deleted from the organization.

***

#### 6. Manage Roles & Permissions <a href="#id-6.-manage-roles-and-permissions" id="id-6.-manage-roles-and-permissions"></a>

**Roles**

Roles are collections of permissions.

**You can:**

* View predefined roles
* Create custom roles (if supported)
* Assign roles to groups or members

**Permissions**

Permissions define specific allowed actions, such as:

* Read resources
* Create or update data
* Manage access settings

Permissions are not assigned directly to users — they are always part of a role.

***

### Result <a href="#result" id="result"></a>

After completing these steps:

* Members have controlled access to the OU
* Permissions are consistently applied through roles
* Groups simplify onboarding and access updates
* The OU follows security and access best practices

<br>
