Groups

Uses: Kong Gateway Admin API

What is a Group?

In Kong Gateway, the Group entity functions as a resource for RBAC. Kong Gateway Admins can map Permissions and Roles to a Group, and use the Group to simplify Role assignment across the Kong Gateway environment.

The Group resource can also be used to integrate identity providers like Okta with Kong Manager, letting you map relationships between your service directory mappings and Kong Manager Roles.

Service directory mapping

With service directory mapping, Groups can be mapped to RBAC Roles. When a user logs in to Kong Manager, they are identified with their Admin username and authenticated with user credentials from a service directory, like LDAP. The service directory creates a relationship with the associated RBAC Roles that are defined in Kong Gateway. This happens in the following order:

  1. Roles are created in Kong Gateway.
  2. Groups are created and associated with RBAC Roles.
  3. Groups are associated with an external directory.
  4. Permissions are assigned to Kong Gateway users based on Group assignment.
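The order above, as an added example that is not part of Kong's documentation or code: a simplified in-memory model for reviewing which Roles a user inherits from directory group membership, and which Group definitions deserve a second look. All group, role and workspace data is constructed, and exact-name matching between directory groups and Kong Groups is an assumption.

```python
# Added example: a simplified in-memory model, not Kong Gateway code.
# All role, group and user data below is constructed for illustration.
PRIVILEGED_ROLES = {"super-admin", "admin"}  # assumption: Roles to flag for review

# Step 1: Roles defined in Kong Gateway (constructed).
roles = {"super-admin", "read-only", "service-editor"}

# Step 2: Groups and the (workspace, role) pairs associated with them (constructed).
group_roles = {
    "kong-platform-admins": [("default", "super-admin")],
    "kong-api-team": [("payments", "service-editor"), ("default", "read-only")],
    "kong-auditors": [("default", "read-only")],
    "kong-contractors": [],                         # Group with no Role attached
    "kong-legacy-ops": [("default", "ops-admin")],  # Role was never created
}


def effective_roles(directory_groups, group_roles):
    """Steps 3-4: Roles a user receives from their directory group memberships.

    Assumption: a directory group matches a Kong Group by exact name.
    """
    granted = set()
    for name in directory_groups:
        granted.update(group_roles.get(name, []))  # unmapped groups grant nothing
    return granted


def audit_groups(roles, group_roles):
    """Return review findings as (group, issue) tuples, sorted for stable output."""
    findings = []
    for group, pairs in group_roles.items():
        if not pairs:
            findings.append((group, "no Role attached"))
        for workspace, role in pairs:
            if role not in roles:
                findings.append((group, f"undefined Role {role!r}"))
            elif role in PRIVILEGED_ROLES:
                findings.append((group, f"privileged Role {role!r} in {workspace!r}"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed directory lookup result for one user.
    user_groups = ["kong-api-team", "kong-auditors", "hr-everyone"]
    print(sorted(effective_roles(user_groups, group_roles)))
    for finding in audit_groups(roles, group_roles):
        print(finding)
```

Because permissions follow Group assignment, a membership change in the directory changes what the user can do in Kong Manager, so the directory groups behind privileged Roles need the same review as the Roles themselves.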

Create a group

Creating an RBAC Group requires RBAC to be enabled for Kong Gateway.

FAQs

The Group entity works with the following authentication protocols: Basic authentication, LDAP authentication, and OpenID Connect (OIDC).

Configuring an auth protocol to work with Kong Gateway and Kong Manager is done using kong.conf.
