Using conditional user groups allows you to validate/invalidate user group membership based on SAML attribute values. When users are added to a conditional user group, they receive the group permissions only if the group condition is met, for example, if they log in from the right location. For instructions on how to create conditional user groups, see Conditional user groups.
To allow users to create conditional user groups, first, you have to enable this feature in the Settings application as described below.
To enable conditional user groups
- Go to the Settings application and select Server settings on the left side of the screen.
- In the User management card, turn on the Conditional user groups option.
Once conditional user groups are enabled, you can set a user group as conditional and determine user access rights dynamically by SAML IDPs on each login operation by taking network and user location (and possibly other criteria) into account.
