{"id":47368,"date":"2025-04-22T08:00:17","date_gmt":"2025-04-22T07:00:17","guid":{"rendered":"https:\/\/www.firstware.com\/?p=47368"},"modified":"2025-04-23T15:21:30","modified_gmt":"2025-04-23T14:21:30","slug":"management-of-authorization-groups-by-department-heads","status":"publish","type":"post","link":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/","title":{"rendered":"Management of authorization groups by department heads"},"content":{"rendered":"<p>Companies can use authorization groups to <strong>assign permissions for resources<\/strong>. In most cases, a group grants access to a resource, for example, certain databases, documents or applications. User accounts are in turn assigned to these groups. This quickly raises the question of <strong>who is responsible for maintaining group memberships<\/strong> to ensure users have the correct access rights.<\/p>\n<p>In this article, we will show you \u00a0how the <strong data-start=\"560\" data-end=\"598\">management of authorization groups<\/strong> can be <strong>delegated to department heads outside the IT department<\/strong>. With our IAM solution, IDM-Portal, it is possible to shift <a href=\"https:\/\/firstware.com\/en\/authorization\/access-management\/\">access management<\/a> tasks to the business units themselves\u2014using a customizable and user-friendly interface.\u00a0<\/p>\n<div style=\"position: relative; box-sizing: content-box; max-height: 80svh; width: 100%; aspect-ratio: 1.940700808625337; padding: 40px 0 40px 0;\"><iframe style=\"position: absolute; top: 0; left: 0; width: 100%; height: 100%;\" src=\"https:\/\/app.supademo.com\/embed\/cm9twolel0yr411m71m1bp8s0?embed_v=2\" loading=\"lazy\" title=\"Department heads manage authorization groups\" allow=\"clipboard-write\" frameborder=\"0\" webkitallowfullscreen=\"webkitallowfullscreen\" mozallowfullscreen=\"mozallowfullscreen\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/div>\n<p><a href=\"#Department\"><button class=\"ButtonBeratung2 aligncenter\">Go directly to our solution<\/button><\/a><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Index<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Group-membership-controls-the-authorization-of-user-accounts\" >Group membership controls the authorization of user accounts<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Management-of-authorization-groups-%E2%80%93-Who-knows-what\" >Management of authorization groups \u2013 Who knows what<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Department-heads-maintain-group-memberships\" >Department heads maintain group memberships<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Improve-management-of-authorization-groups-with-delegation\" >Improve management of authorization groups with delegation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Understanding-role-based-and-attribute-based-access-rights\" >Understanding role-based and attribute-based access rights<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Editing-group-memberships-from-the-users-perspective\" >Editing group memberships from the user&#8217;s perspective<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Maintain-authorization-groups-in-Entra-ID-and-Active-Directory-in-parallel\" >Maintain authorization groups in Entra ID and Active Directory in parallel<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#Summary\" >Summary<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#More-about-the-FirstWare-IDM-Portal\" >More about the FirstWare IDM-Portal<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Group-membership-controls-the-authorization-of-user-accounts\"><\/span>Group membership controls the authorization of user accounts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Users are given <strong>access to a resource<\/strong> by <strong>belonging to a group<\/strong>. The advantage of this is that companies can grant or revoke permissions by adding and removing users from the assigned groups. In this case, the underlying resources only need to be customized once, by defining the permission group.<\/p>\n<p>Of course, <strong>several authorization groups can access a resource<\/strong>, possibly with different rights, for example, with <strong>read access<\/strong> or <strong>write access.<\/strong><\/p>\n<div id=\"attachment_47422\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47422\" class=\"imgshadow wp-image-47422 size-large\" title=\"Management of authorization groups in Entra ID\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png\" alt=\"Management of authorization groups in Entra ID\" width=\"1024\" height=\"568\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-300x166.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-768x426.png 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1536x852.png 1536w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-2048x1136.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-47422\" class=\"wp-caption-text\">Authorization management, including group management, is often the exclusive responsibility of IT.<\/p><\/div>\n<p>It is also possible to <strong>nest groups<\/strong>. In this case, a group is a member of another group, which then has the corresponding rights to the resource. If group A is a member of group B and has rights to resource C, all users who are members of group A also get access rights. Permissions for individual users can be withdrawn by removing user accounts from groups.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Management-of-authorization-groups-%E2%80%93-Who-knows-what\"><\/span>Management of authorization groups \u2013 Who knows what<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When managing authorization groups, the question arises as to <strong>who in the company should maintain membership in the groups<\/strong>.<\/p>\n<p>The <strong>IT department<\/strong> usually takes care of the <strong>technical systems and implements the authorizations<\/strong> (e.g., in Entra ID). However, the decision on the necessary access rights is usually made by the department head or the responsible persons in the specialist department. In other words, the IT department often does not know exactly which resources a user needs\u2014the respective specialist department knows this better.<\/p>\n<div id=\"attachment_47425\" style=\"width: 707px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47425\" class=\"imgshadow wp-image-47425 size-full\" title=\"Management of authorization groups: Create a new group\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/New-group-in-Entra-ID.png\" alt=\"Management of authorization groups: Create a new group\" width=\"697\" height=\"511\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/New-group-in-Entra-ID.png 697w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/New-group-in-Entra-ID-300x220.png 300w\" sizes=\"(max-width: 697px) 100vw, 697px\" \/><p id=\"caption-attachment-47425\" class=\"wp-caption-text\">Authorization management with Entra ID requires IT expertise and administrator rights.<\/p><\/div>\n<p>In the <strong>specialist department<\/strong>, however, <strong>the necessary knowledge and appropriate tools are often missing<\/strong> to effectively manage group memberships.<\/p>\n<p>Here, a tool such as the <a href=\"https:\/\/firstware.com\/en\/\">IDM-Portal<\/a> from FirstAttribute would be helpful, as it enables department heads and HR to easily manage memberships.<\/p>\n<ul>\n<li>The IT department maintains the groups and their permissions,<\/li>\n<li>while memberships are maintained by the specialist departments.<\/li>\n<\/ul>\n<p>This significantly reduces the workload of the IT department and allows membership maintenance to be carried out promptly.<\/p>\n<h2 id=\"Department\"><span class=\"ez-toc-section\" id=\"Department-heads-maintain-group-memberships\"><\/span>Department heads maintain group memberships<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Improve-management-of-authorization-groups-with-delegation\"><\/span>Improve management of authorization groups with delegation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>IDM-Portal from FirstAttribute allows the <strong>management of authorization groups<\/strong> to be delegated<strong> directly to department heads or managers in specialist departments<\/strong> without them having to access the admin portals.<\/p>\n<p>A <strong>central, intuitive user interface<\/strong> is available for this purpose. Thanks to <strong>role-based customization of the user interfaces<\/strong> in the IDM-Portal, users only see the data for which they are responsible.<\/p>\n<div id=\"attachment_47436\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47436\" class=\"wp-image-47436 size-large\" title=\"Management of authorization groups with IDM-Portal\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-1024x662.png\" alt=\"Management of authorization groups with IDM-Portal\" width=\"1024\" height=\" HR department head Karla can manage users and edit group members in IDM&lt;yoastmark class=\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-1024x662.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-300x194.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-768x496.png 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-1536x993.png 1536w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Role-based-access-control-IDM-Portal-2048x1324.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-47436\" class=\"wp-caption-text\">HR department head Karla can manage users and edit group members in the IDM portal. HR manager Steve can only create users.<\/p><\/div>\n<p><a href=\"https:\/\/firstware.com\/en\/contact\/\" target=\"_blank\" rel=\"noopener\"><button class=\"ButtonBeratung2 aligncenter\">Book a demo now<\/button><\/a><\/p>\n<p>Identity and access management (IAM) delegation in the IDM-Portal is a powerful concept that can greatly assist companies in managing authorization groups.<\/p>\n<p><strong>What is IAM delegation?<\/strong><\/p>\n<p>As part of IAM delegation, <strong>administrators delegate the maintenance of permission groups to other users outside the IT department<\/strong>. This gives employees in the specialist departments the right to manage group memberships, but not the groups themselves or their permissions. This ensures that permissions and group memberships are only maintained by those who are authorized to do so.<\/p>\n<p>With the <strong>built-in tools of Entra ID<\/strong>, this is possible in principle, but <strong>quite complex to implement<\/strong>. In such a scenario, however, companies are better off relying on solutions that enable automation on the one hand and offer an easy-to-use interface on the other.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Understanding-role-based-and-attribute-based-access-rights\"><\/span>Understanding role-based and attribute-based access rights<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In addition to quick and easy handling, the IDM-Portal also offers maximum control and security. Thanks to <strong>role-based access rights (RBAC)<\/strong>, the IT department maintains an overview at all times and can determine who is authorized to manage permissions. <strong>Detailed logging of all changes<\/strong> ensures that all adjustments can be traced at any time.<\/p>\n<div id=\"attachment_47440\" style=\"width: 858px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47440\" class=\"imgshadow wp-image-47440 size-full\" title=\"Attribute-based access rights in IDM-Portal\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Change-of-department-in-IDM-Portal.gif\" alt=\"Attribute-based access rights in IDM-Portal\" width=\"848\" height=\"668\" \/><p id=\"caption-attachment-47440\" class=\"wp-caption-text\">Selecting a new department not only automatically changes the address, but also regulates all permissions associated with the departments.<\/p><\/div>\n<p>In addition, the IDM-Portal also supports <strong>attribute-based access rights (ABAC)<\/strong>, a method for fine-grained authorization based on user attributes. Unlike RBAC, which is based on predefined roles, ABAC enables more flexible access control by using attributes such as department, location, or position. Changes to these attributes automatically affect permissions, ensuring that access rights are always up to date.<\/p>\n<p>In combination with RBAC, the IDM-Portal offers a balanced solution for dynamic business requirements.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Editing-group-memberships-from-the-users-perspective\"><\/span>Editing group memberships from the user&#8217;s perspective<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Another key feature of the IDM-Portal is the <strong>direct editing of group memberships<\/strong> from both the <strong>user perspective<\/strong> and the <strong>group perspective<\/strong>.<\/p>\n<div id=\"attachment_47442\" style=\"width: 888px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47442\" class=\"imgshadow wp-image-47442 size-full\" title=\"Management of authorization groups directly in the user profile\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/group-membership-from-a-user-perspective.png\" alt=\"Management of authorization groups directly in the user profile\" width=\"878\" height=\"241\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/group-membership-from-a-user-perspective.png 878w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/group-membership-from-a-user-perspective-300x82.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/group-membership-from-a-user-perspective-768x211.png 768w\" sizes=\"(max-width: 878px) 100vw, 878px\" \/><p id=\"caption-attachment-47442\" class=\"wp-caption-text\">Editing group memberships from the user perspective in IDM-Portal<\/p><\/div>\n<p>Permissions can be managed in the user profile by searching for relevant groups and adding them via drag &amp; drop. Alternatively, group administrators can manage members directly via the \u201cGroups\u201d menu item or delegate editing to the respective owner.<\/p>\n<p>The integration of <a href=\"https:\/\/firstware.com\/en\/authorization\/approval-workflow\/\">approval workflows<\/a> provides additional security and traceability.<\/p>\n<p><img decoding=\"async\" class=\"imgshadow aligncenter wp-image-47450 size-full\" title=\"Group requiring approval in IDM-Portal\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Group-requiring-approval-in-IDM-Portal.png\" alt=\"Group requiring approval in the IDM-Portal\" width=\"825\" height=\"350\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Group-requiring-approval-in-IDM-Portal.png 825w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Group-requiring-approval-in-IDM-Portal-300x127.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/04\/Group-requiring-approval-in-IDM-Portal-768x326.png 768w\" sizes=\"(max-width: 825px) 100vw, 825px\" \/><\/p>\n<p>Approval requirements for groups and data changes can be configured in the IDM-Portal. Predefined decision-makers are automatically informed when changes occur. They can then review and approve these changes through a dedicated approval web interface. This ensures that only authorized changes are made.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Maintain-authorization-groups-in-Entra-ID-and-Active-Directory-in-parallel\"><\/span>Maintain authorization groups in Entra ID and Active Directory in parallel<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The efficient <strong>management of permission groups in Active Directory and Entra ID<\/strong> also poses challenges for many IT departments. In scenarios where companies use Active Directory locally while also working with cloud-based resources, managing permission groups becomes complex. This complexity arises because two separate environments are in use, and they must also exchange data with each other. It&#8217;s not just about assigning access rights correctly. Efficient and transparent management is also required\u2014management that aligns with the needs of modern businesses.<\/p>\n<p>With the IDM-Portal, companies can easily and securely maintain and manage group memberships in both environments, i.e., in Active Directory and Entra ID. There is no need to switch between different consoles and admin centers, which saves time.<\/p>\n<p>Read our article on <a href=\"https:\/\/firstware.com\/en\/blog\/manage-m365-groups\/\">managing M365 groups<\/a> for more details on how the IDM-Portal can help you here.<\/p>\n<p>A key advantage is the <strong>real-time processing of changes<\/strong>. The IDM-Portal <strong>does not require its own database<\/strong>, but <strong>accesses Active Directory directly<\/strong>, so group memberships are updated immediately. Thanks to the <strong>integrated RealGroup service<\/strong>, the IDM-Portal <strong>also processes groups in Entra ID<\/strong>. This ensures that local and cloud-based structures are always synchronized and up to date.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Managing permission groups is a key task for IT. However, decisions about access rights are often made by business departments rather than IT. By delegating this task to department heads or authorized employees, companies can reduce the workload of their IT departments and significantly speed up work processes.<\/p>\n<p>With a solution such as the <strong>IDM-Portal from FirstAttribute<\/strong>, permission management becomes not only easier, but also more secure. An intuitive user interface, role- and attribute-based access rights, and seamless integrations enable flexible and controlled management of group memberships\u2014without the need for constant IT intervention.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"More-about-the-FirstWare-IDM-Portal\"><\/span>More about the FirstWare IDM-Portal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" class=\"alignleft wp-image-36704\" title=\"IDM-Portal Hybrid IAM solution\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1.png\" alt=\"IDM-Portal Hybrid IAM solution\" width=\"238\" height=\"199\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1.png 453w, https:\/\/www.firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1-300x250.png 300w\" sizes=\"(max-width: 238px) 100vw, 238px\" \/><a href=\"https:\/\/firstware.com\/en\/\">FirstWare IDM-Portal<\/a> by FirstAttribute is an integrated Identity and Access Management (IAM) solution that enables automated user and permissions management, whether on-premises or in the cloud.<\/p>\n<p>This portal integrates all facets of identity and access management and provides centralized access to identity and directory services.<\/p>\n<p><a href=\"https:\/\/firstware.com\/en\/contact\/\" target=\"_blank\" rel=\"noopener\"><button class=\"ButtonBeratung aligncenter\">Get in touch<\/button><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Companies can use authorization groups to assign permissions for resources. In most cases, a group grants access to a resource, [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1835],"tags":[1933,16,2007,50],"class_list":["post-47368","post","type-post","status-publish","format-standard","hentry","category-authorization-management-en","tag-abac-en","tag-delegation-en","tag-management-of-authorization-groups-en","tag-rbac"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Management of authorization groups by department heads - FirstWare IDM-Portal<\/title>\n<meta name=\"description\" content=\"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Management of authorization groups by department heads - FirstWare IDM-Portal\" \/>\n<meta property=\"og:description\" content=\"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/\" \/>\n<meta property=\"og:site_name\" content=\"FirstWare IDM-Portal\" \/>\n<meta property=\"og:image\" content=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png\" \/>\n<meta name=\"author\" content=\"Sophia Tunui\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sophia Tunui\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/\"},\"author\":{\"name\":\"Sophia Tunui\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/e7504910be78b9b066298168ab6e839e\"},\"headline\":\"Management of authorization groups by department heads\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/\"},\"wordCount\":1350,\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/Find-all-groups-in-Entra-ID-1024x568.png\",\"keywords\":[\"ABAC\",\"Delegation\",\"Management of authorization groups\",\"RBAC\"],\"articleSection\":[\"Authorization Management\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/\",\"name\":\"Management of authorization groups by department heads - FirstWare IDM-Portal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/Find-all-groups-in-Entra-ID-1024x568.png\",\"description\":\"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#primaryimage\",\"url\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/Find-all-groups-in-Entra-ID-1024x568.png\",\"contentUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/Find-all-groups-in-Entra-ID-1024x568.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/management-of-authorization-groups-by-department-heads\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Management of authorization groups by department heads\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"name\":\"FirstWare IDM-Portal\",\"description\":\"Identity and Autorization Management in M365 and Active Directory\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\",\"name\":\"FirstWare IDM-Portal\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"contentUrl\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"width\":1,\"height\":1,\"caption\":\"FirstWare IDM-Portal\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/e7504910be78b9b066298168ab6e839e\",\"name\":\"Sophia Tunui\",\"sameAs\":[\"http:\\\/\\\/firstattribute.com\"],\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/author\\\/sophia-tunui\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Management of authorization groups by department heads - FirstWare IDM-Portal","description":"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/","og_locale":"en_US","og_type":"article","og_title":"Management of authorization groups by department heads - FirstWare IDM-Portal","og_description":"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!","og_url":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/","og_site_name":"FirstWare IDM-Portal","og_image":[{"url":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png","type":"","width":"","height":""}],"author":"Sophia Tunui","twitter_misc":{"Written by":"Sophia Tunui","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#article","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/"},"author":{"name":"Sophia Tunui","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/e7504910be78b9b066298168ab6e839e"},"headline":"Management of authorization groups by department heads","mainEntityOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/"},"wordCount":1350,"publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png","keywords":["ABAC","Delegation","Management of authorization groups","RBAC"],"articleSection":["Authorization Management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/","url":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/","name":"Management of authorization groups by department heads - FirstWare IDM-Portal","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#primaryimage"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png","description":"Optimize the management of authorization groups by delegating them to department heads and specialist departments with IDM-Portal!","breadcrumb":{"@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#primaryimage","url":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png","contentUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/04\/Find-all-groups-in-Entra-ID-1024x568.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstware.com\/en\/blog\/management-of-authorization-groups-by-department-heads\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.firstware.com\/en\/"},{"@type":"ListItem","position":2,"name":"Management of authorization groups by department heads"}]},{"@type":"WebSite","@id":"https:\/\/www.firstware.com\/en\/#website","url":"https:\/\/www.firstware.com\/en\/","name":"FirstWare IDM-Portal","description":"Identity and Autorization Management in M365 and Active Directory","publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstware.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firstware.com\/en\/#organization","name":"FirstWare IDM-Portal","url":"https:\/\/www.firstware.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","contentUrl":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","width":1,"height":1,"caption":"FirstWare IDM-Portal"},"image":{"@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/e7504910be78b9b066298168ab6e839e","name":"Sophia Tunui","sameAs":["http:\/\/firstattribute.com"],"url":"https:\/\/www.firstware.com\/en\/blog\/author\/sophia-tunui\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/47368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/comments?post=47368"}],"version-history":[{"count":0,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/47368\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/media?parent=47368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/categories?post=47368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/tags?post=47368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}