Creating Groups
Three types of objects are involved in the creation of Groups:
Group Factory
Store the definition of which Attribute should be used for grouping and what to call the associated set of Groups
GroupDefinition
Contain the actual filter used to match identities to the group. Populations are also stored as GroupDefinition objects. Running the Refresh Groups task scans the GroupFactories which in turn creates GroupsDefinitions for the values of the factory attribute.
GroupIndex
Also referred to as group scorecard; maintain statistics about a particular GroupDefiniiton (number of members, policy violations, composite risk score).
Groups are created on the Group Configuration window (menu option Setup > Groups) by clicking Create New Group on the Groups tab.
The Name field specifies what the GroupFactory will be called. A single Group Attribute is selected to define the selection criterion for membership in each of the created Groups; only Attributes that have been defined as "Group Factory" attributes can be used in creating Groups, so the selection list only includes those Attributes. When the Group is saved, a GroupDefinition is created for each value of that Attribute in the current set of Identities.
Identities' Group membership is determined at the time the Group is applied to an activity in IdentityIQ (such as when a Certification or a Task runs) based on the GroupDefinition filter. If an Identity's Group Attribute value changes, its new value is used for Group-based actions from the moment of the change. However, the statistics tracked in the GroupIndex, as well as the list of GroupDefinitions themselves, are only updated when an Identity Refresh task runs for which the Refresh the group scorecards option is selected. This means that if a new value is added for the Group Attribute (for example, if a new manager is hired and assigned for a set of Identities), the new Group corresponding to that value will not be created or applied to any system activity based on the Group Factory until the refresh task runs.