| title | titleSuffix | description | author | ms.service | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|
Manage developer accounts using groups in Azure API Management |
Azure API Management |
Learn how to manage developer accounts using groups in Azure API Management. Create groups, and then associate them with products or developers. |
dlepow |
api-management |
article |
03/17/2023 |
danlep |
engagement-fy23 |
In API Management, groups are used to manage the visibility of products to developers. Products are first made visible to groups, and then developers in those groups can view and subscribe to the products that are associated with the groups.
API Management has the following immutable system groups:
-
Administrators - Azure subscription administrators are members of this group. Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers. You can't add users to this group.
[!NOTE] You can change the administrator email settings that are used in notifications sent to developers from your API Management instance.
-
Developers - Authenticated developer portal users fall into this group. Developers are the customers that build applications using your APIs. Developers are granted access to the developer portal and build applications that call the operations of an API.
-
Guests - Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance fall into this group. They can be granted certain read-only access, such as the ability to view APIs but not call them.
In addition to these system groups, administrators can create custom groups or use external groups in associated Azure Active Directory tenants. Custom and external groups can be used alongside system groups in giving developers visibility and access to API products. For example, you could create one custom group for developers affiliated with a specific partner organization and allow them access to the APIs from a product containing relevant APIs only. A user can be a member of more than one group.
This guide shows how administrators of an API Management instance can add new groups and associate them with products and developers.
In addition to creating and managing groups in the Azure portal, you can create and manage your groups using the API Management REST API Group entity.
[!INCLUDE premium-dev-standard-basic.md]
Complete tasks in this article: Create an Azure API Management instance.
[!INCLUDE api-management-navigate-to-instance.md]
This section shows how to add a new group to your API Management account.
-
Select the Groups tab to the left of the screen.
-
Click +Add.
-
Enter a unique name for the group and an optional description.
-
Press Create.
:::image type="content" source="media/api-management-howto-create-groups/groups001.png" alt-text="Screenshot of creating a group in the portal."::: Once the group is created, it's added to the Groups list.
-
To edit the Name or Description of the group, click the name of the group and select Settings
-
To delete the group, click the name of the group and press Delete.
-
Now that the group is created, it can be associated with products and developers.
-
Select the Products tab to the left.
-
Click the name of the desired product.
-
Press Access control > + Add group.
-
Select the group you want to add.
:::image type="content" source="media/api-management-howto-create-groups/groups002.png" alt-text="Screenshot of adding a group to a product in the portal.":::
Once a product is associated with a group, developers in that group can view and subscribe to the product.
Note
To add Azure Active Directory groups, see How to authorize developer accounts using Azure Active Directory in Azure API Management.
To remove a group from the product, click Delete.
:::image type="content" source="media/api-management-howto-create-groups/groups004.png" alt-text="Screenshot of removing a group from a product in the portal.":::
This section shows how to associate groups with members.
-
Select the Groups tab to the left of the screen, and then select a group.
-
Select Members > + Add.
-
Select a member.
:::image type="content" source="media/api-management-howto-create-groups/groups006.png" alt-text="Screenshot of adding a member to a group in the portal.":::
-
Press Select.
Once the association is added between the developer and the group, you can view it in the Users tab.
- Once a developer is added to a group, they can view and subscribe to the products associated with that group. For more information, see How create and publish a product in Azure API Management.
- You can control how the developer portal content appears to different users and groups you've configured. Learn more about customizing the developer portal.
- Learn how to manage the administrator email settings that are used in notifications to developers from your API Management instance.