If your domain is federated with Tanzu Platform cloud services, you can select groups from your corporate source domain and assign them roles in your Organization. These groups are called enterprise groups.
Enterprise groups are groups synced from your corporate domain. You can assign roles to more than one enterprise group at a time, and view the members in a selected group.
The members of the group you assign can hold several roles:
Depending on your customer profile, you might also view the Managed Service Provider role which allows users to query the cloud service APIs for customer usage and data. If you assign this role to members of a tenant Organization, they will have access to all the data within the Organization.
From the Tanzu Platform cloud services console main menu, select Identity & Access Management > Groups.
Click Select groups from your source domain and then click Continue.
Search for the enterprise groups to which you want to assign roles.
Assign the group an Organization role.
Refer to the link above to see the permissions of each role.
Select a service, and then assign the group one or more roles in the service.
When you select a service, the service default role appears. Click the role to select a different role.
To give the group access to another service, click Add Service Access, and assign a role.
Click Add.
To send an email to users with the Organization Member role, select the check box. Users with the Organization Owner are automatically sent an email.
Parent topic:How do I work with groups