Table of contents
Manage access to services via groups
What is a group?
A group is a set of delegates of an institution who are grouped together according to a common characteristic. For example, a group of users can represent a specific office or a technological partner that supports the institution.
Consult the Reserved Area Operating Manual for more details about groups.
Why create a group in IO?
As the administrator of an institution, by creating a group of users for the IO product, you can:
- Associate one or more services with an active group. In this way, the users (operators) of that group can work, via the back-office, only with the services associated with them.
- Create specific Manage API keys for that group. The users (operators) of the group working via API will not be able to view the general API manage key, rather only the those specific to that group, which allow them to work only with the services “connected” to their group.
As the administrator user, by using groups you can limit the cone of visibility and operation for the operator users for some IO services.
As an operator user, you can see and manage only the services that were assigned to the groups to which you belong.
What does it mean to suspend a group?
As an institution administrator, in the Reserved Area you can suspend a group, and as a result:
- Suspend any API Key associated with it, in order to block the operation of the users of this key.
- Block all the actions on services by operators belonging to that group.
Groups can be created and managed only by administrator users. Specifically:
| What can be done | Administrator | Operator without a group | Operator with a group | Operator with a suspended group |
|---|---|---|---|---|
| Create a group | ||||
| Add users to a group | ||||
| Edit/Suspend/Delete a group | ||||
| Create and manage group API keys | ||||
| View all the group API keys | ||||
| View the API keys of the group to which the user belongs | ||||
| Manage the Manage API key | ||||
| View the Manage API key | ||||
| View and manage all the services | ||||
| View and manage all the services in the group to which the user belongs |
- Create a group in the Reserved Area (click here for more details about the functionality).
- Access the IO back office
- Go to the “Services” section and associate the group that was just created with only the services that you want the users to be able to use.
- You can associate the services by clicking “Associate group” to the top right;
- You can access the details of each Service and, on the information panel, click the pencil icon next to the group item.
- If the users of your institution work via API:
- Go to the API key section;
- Create a new Group API key for the group that was just created;
- Inform the operator users of the group that now have the new API keys that they can use to work with the services and that they can retrieve in the back office.
Haven't completed onboarding yet and need help?
Write an email describing your problem or question to the address areariservata@assistenza.pagopa.it.
Tell us what you think
To report problems or give feedback, leave a comment in the GitHub space of the IO app