GroupAdmins are end users who have been promoted by (organization-level) Admins or other GroupAdmins for the purpose of managing users in groups. Org Admins can define of scope of resources associated with a group. GroupAdmins can select and manage membership (user access lists) for the group.

GroupAdmins can be responsible for:

  • Group membership (add/remove)
  • Other Admin-like authorities (if configured)

Admin users can create groups and delegate GroupAdmin permissions to a user in that group. Organizing users into groups is useful when users work out of a shared team folder (which can be configured in user settings as their collective home folder).

Important: If you intend for a GroupAdmin to provide home directories off of a particular team or parent folder, you must grant the GroupAdmin user explicit sub folder (Subs) permissions to that parent folder.

Tip: It is best practice to run groups out of a shared folder with group permissions.

If configured, GroupAdmins can potentially control:

  • Logo and announcement group members see when they sign-on to MOVEit Transfer.
  • Group member access, password reset, and folder access.
  • User creation and administration.
  • User home folders other than default. —If you grant the GroupAdmin the appropriate subfolder access permission (Subs checkbox) to intended parent folder(s).
    Important: GroupAdmin role is more secure. Admins must grant GroupAdmins parent folder access when GroupAdmins need to assign home folders to users and the home folder path varies from the default user home path (for example: /home/myusername/).
Note: There is a security/convenience tradeoff whenever you delegate user create/delete/clone and password reset to GroupAdmin users. Before you grant this authority to a GroupAdmin, ensure this is appropriate for your site policy and data security standards.

To create a GroupAdmin

  1. Sign in as Admin. Click GROUPS. Add the group and add members to it. For more information, see Overview.
  2. In the list of group members, in the username row, click 'Make Admin' .

Consider this Before Delegating Admin-like Settings for GroupAdmins

While it can be convenient to grant GroupAdmins the authority to add new users to the database, this is not best practice. If you grant GroupAdmins the ability to create/clone/delete you are empowering GroupAdmins with Admin authority, which violates the principal of least privilege recommended by most data security standards.

GroupAdmin Setting (GROUPS > Group Profile page - GroupAdmin)

Description

Add new users as group members and edit/delete existing members.

Extends GroupAdmins authority to add and delete users to/from the database. Enables cloning new or existing users.

List all users in the organization and add existing users as group members.

Enables GroupAdmins to choose users from a list of existing org users.

To configure GroupAdmin rights for a group

  1. Sign on as Admin. Click GROUPS. Click a group name.

    The Group Profile page opens.

  2. Go to the Edit Group Admin Settings section. Make your selections and click Change GroupAdmin Settings.

GroupAdmins can also receive notifications about events that happen to the users they have control over, such as password expirations and user lockouts.

To enable a GroupAdmin to receive notifications about group member events:

  1. Sign in as Admin. Click USERS. Click the username of the GroupAdmin.

    The user's profile page opens.

  2. Set the user's notification setting to On + Admin. For more information, seeUser Profile - General Information.