| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Manage developer accounts using groups in Azure API Management | Microsoft Docs |
Learn how to manage developer accounts using groups in Azure API Management |
api-management |
vladvino |
erikre |
33660b45-442f-44be-9a4a-1899d7f699b0 |
api-management |
mobile |
na |
na |
article |
01/23/2017 |
apimpm |
In API Management, groups are used to manage the visibility of products to developers. Products are first made visible to groups, and then developers in those groups can view and subscribe to the products that are associated with the groups.
API Management has the following immutable system groups.
- Administrators - Azure subscription administrators are members of this group. Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers.
- Developers - Authenticated developer portal users fall into this group. Developers are the customers that build applications using your APIs. Developers are granted access to the developer portal and build applications that call the operations of an API.
- Guests - Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance fall into this group. They can be granted certain read-only access, such as the ability to view APIs but not call them.
In addition to these system groups, administrators can create custom groups or leverage external groups in associated Azure Active Directory tenants. Custom and external groups can be used alongside system groups in giving developers visibility and access to API products. For example, you could create one custom group for developers affiliated with a specific partner organization and allow them access to the APIs from a product containing relevant APIs only. A user can be a member of more than one group.
This guide shows how administrators of an API Management instance can add new groups and associate them with products and developers.
Note
In addition to creating and managing groups in the publisher portal, you can create and manage your groups using the API Management REST API Group entity.
To create a new group, click Publisher portal in the Azure Portal for your API Management service. This takes you to the API Management publisher portal.
If you have not yet created an API Management service instance, see Create an API Management service instance in the Get started with Azure API Management tutorial.
Click Groups from the API Management menu on the left, and then click Add Group.
Enter a unique name for the group and an optional description, and click Save.
The new group is displayed in the groups tab. To edit the Name or Description of the group, click the name of the group in the list. To delete the group, click Delete.
Now that the group is created, it can be associated with products and developers.
To associate a group with a product, click Products from the API Management menu on the left, and then click the name of the desired product.
Select the Visibility tab to add and remove groups, and to view the current groups for the product. To add or remove groups, check or uncheck the checkboxes for the desired groups and click Save.
Note
To add Azure Active Directory groups, see How to authorize developer accounts using Azure Active Directory in Azure API Management.
To configure groups from the Visibility tab for a product, click Manage Groups.
Once a product is associated with a group, developers in that group can view and subscribe to the product.
To associate groups with developers, click Users from the API Management menu on the left, and then check the box beside the developers you wish to associate with a group.
Once the desired developers are checked, click the desired group in the Add to Group drop-down. Developers can be removed from groups by using the Remove from Group drop-down.
Once the association is added between the developer and the group, you can view it in the Users tab.
- Once a developer is added to a group, they can view and subscribe to the products associated with that group. For more information, see How create and publish a product in Azure API Management,
- In addition to creating and managing groups in the publisher portal, you can create and manage your groups using the API Management REST API Group entity.