Linked groups

Groups pulled from different end systems might have similar names and identical members. In Opal, you can link these groups, setting one as the source of truth, to simplify the request experience for end users. When users request the other linked group, Opal redirects end users to the source of truth group.

In the API, linked groups are available using the /group-bindings endpoints.

Link groups

To get started, admins can go to Configuration > Linked Groups. To make finding identical groups easier, Opal provides a list of suggestions based on group membership and naming.

To confirm a suggestion is in fact an identical group, select Compare to identify the differences in naming and membership.

If the groups are unrelated, select the Xbutton on the rightmost section of the given row. If the groups are similar enough to be considered identical, select a source of truth. The source of truth is requestable by end users in Opal, and requests to the other groups(s) are redirected to the source of truth. Select Link Groups to set up this relationship.

To unlink groups, select the red X button on the list of linked groups.

Select the grey pencil button to edit the relationship. A relationship can be altered by changing the source of truth for the link or adding new groups to the link.

End user experience

📘

If a user's access is removed from any group in a linked group, source of truth or otherwise, access to both groups is revoked.

After you link groups, an end user requesting a non source of truth group sees the following modal:

Requesting the source of truth redirects users to the correct resource, preventing confusion and clutter.