Managing user groups
When a Single Sign-On (SSO) is configured to access CARTO, we can also synchronize the groups coming from your Identity Provider (IdP) after each user’s login.
How are groups synchronized with the SSO?
We synchronize the membership for each user when they login through the SSO, and we make any necessary changes.
In practice this means that groups in CARTO will be kept in sync with the SSO groups throughout all possible changes, including a user being removed from a group.
Groups can be used to fine-tune access and more granular sharing in different parts of the CARTO platform, such as connections and maps. Read more about sharing maps with certain groups.