To ease the management of users, we have implemented support for Group.
Groups are a well-known concept from most access management systems. By setting values on a group and letting users of the group inherit those values, we make it possible for administrators to divide organizations into entities of users that have similar security profiles. A typical scenario, where this would be used, would be when all employees - regardless of the organization they belong to – are granted a certain set of roles. This can be handled by somehow identifying them as employees when they log on and letting a Claim Transformation rule add these roles to the token issued to them. The alternative method is adding all the employees to a “Company Group” in Safewhere*Identify's user database and then making sure that this group was set to have access to the set of roles. All users who are then made a member of the Company group would automatically have the roles, which the Group has access to, added to their token when authenticating through Safewhere*Identify.