Group Mapping

Group Mapping allows administrators to control access to HP Insights by linking groups from an external identity provider (IdP), such as Microsoft Entra ID, to roles within HP Insights. This enables role‑based access control that is managed centrally through the organization’s IdP rather than individually within HP Insights. Instead of managing individual admin accounts in Pharos Cloud, access is managed centrally through your identity provider. When users sign in using Single Sign‑On (SSO), their permissions are automatically assigned based on the groups they belong to..

Group Mapping is typically used in environments where Single Sign‑On (SSO) and SCIM provisioning are enabled.

How it works

  1. Users and groups are synced from the IdP into HP Insights using SCIM

  2. An admin creates a group mapping that connects an IdP group to a HP Insights role

  3. When a user signs in via SSO, HP Insights checks their group membership and grants access according to the mapped role.For example, an Entra ID group “Company‑IT‑Admins” is mapped to the IT Administrator role, so any user in that group automatically gets IT admin access when they sign in via SSO. If the user is removed from the IdP group, access is revoked immediately.

Create a Group Mapping

  1. In the web console, go to Users > Group Mapping.The Group Mapping tab displays the groups that have been synchronized from your IdP

  2. Select Create. The Create Role Mapping panel opens.

Note: The Create button in Users > Group Mapping is disabled when one or more prerequisites for creating a group‑to‑role mapping have not been met. Group Mapping is part of the SSO‑based administrative access model. If the authentication provider, SCIM synchronization, or Admin SSO configuration has not been completed, group mapping cannot be created.

  1. In the Group field, select the IdP group you want to map.

  2. In the Role field, select the HP Insights role to assign to the group (for example, System Administrator or IT Administrator).

  3. The selected role determines what users in this group can access in the HP Insights web console.

  4. Select Apply to save the mapping.

  5. The group is now mapped to the selected role. Users who belong to this group will receive the assigned permissions when they sign in.