Groups
Last updated
Last updated
When a Single Sign-On (SSO) is configured to access CARTO, we can also synchronize the groups coming from your Identity Provider (IdP) after each user’s login.
Groups are only available for Enterprise Large plans and above. Groups also require an SSO integration. Please get in touch at support@carto.com if you’re interested in this feature.
We synchronize the membership for each user when they log in through the SSO, and we make any necessary changes.
Example
User A:
Belongs to the “Sales” and “North America” groups at the IdP level
Logs in to CARTO
CARTO creates the groups “Sales” and “North America” and adds user A to both groups
User B:
Belongs to the “Sales” and “Asia” groups at the IdP level
Logs in to CARTO
CARTO creates the group “Asia” and adds user B to the “Asia” and “Sales” groups
In practice, this means that groups in CARTO will be kept in sync with the SSO groups throughout all possible changes, including a user being removed from a group.
Groups can be used to fine-tune access and more granular sharing in different parts of the CARTO platform, such as connections and maps. Read more about sharing maps with certain groups.
You can use groups to automatically control each user's role by mapping each group to a role in CARTO. Learn more about mapping groups to roles.