If your domain is federated with VMware Cloud services, you can select groups from your corporate source domain and assign them roles in your Organization. These groups are called enterprise groups.

Enterprise groups are groups synced from your corporate domain. You can assign roles to more than one enterprise group at a time, and view the members in a selected group.
The members of the group you assign can hold several roles:
  • Organization role: A role within the Organization - Organization Owner or Organization Member. To see the privileges assigned to each of these roles, see How do I manage roles and permissions.
  • Service role: A role within one or more VMware Cloud services. Each cloud service has its own specific roles. For more information, refer to the documentation of the relevant VMware Cloud service.
  • Depending on your customer profile, you might also view the Managed Service Provider role which allows users to query the cloud service APIs for customer usage and data. If you assign this role to members of a tenant Organization, they will have access to all the data within the Organization.


  1. From the Cloud Services Console main menu, select Identity & Access Management > Groups.
  2. Click Select groups from your source domain and then click Continue.
  3. Search for the enterprise groups to which you want to assign roles.
  4. Assign the group an Organization role.
    Refer to the link above to see the permissions of each role.
  5. Select a service, and then assign the group one or more roles in the service.
    When you select a service, the service default role appears. Click the role to select a different role.
  6. To give the group access to another service, click Add Service Access, and assign a role.
  7. Click Add.
    To send an email to users with the Organization Member role, select the check box. Users with the Organization Owner are automatically sent an email.