Creating directory-linked groups Skip Navigation

Creating directory-linked groups

You can create groups in 
BlackBerry UEM
 that are linked to one or more groups in your company directory. These 
BlackBerry UEM
 groups are called "directory-linked groups." Only directory user accounts can be members of a directory-linked group.
At a scheduled interval, 
BlackBerry UEM
 automatically synchronizes the membership of a directory-linked group with its associated company directory group (or groups). Users that were added or removed from the company directory group are added or removed from the directory-linked group.
When users are moved into a company directory group that is linked to a directory-linked group, they are assigned the policies, profiles, and apps that are assigned to the group. When users are removed from a company directory group that is linked to a directory-linked group, the policies, profiles, and app are removed from the user.
Each directory-linked group can link to only a single company directory. For example, if 
BlackBerry UEM
 has two 
Microsoft Active Directory
 connections (A and B), and you create a directory-linked group that is linked to connection A, you can link only to directory groups from connection A. You must create new directory linked groups for any other directory connections.
To enable this feature, see "Enable directory-linked groups" in the on-premises Configuration content or the cloud Configuration content.
Synchronizing directory-linked groups does not add or delete users in 
BlackBerry UEM
. To allow 
BlackBerry UEM
 to create user accounts when new company directory users are created, you must enable and configure onboarding. For more information, see "Enabling onboarding" in the on-premises Configuration content or the cloud Configuration content.