# Identity Group Mapping 1. [Home](https://www.agilicus.com/) 2. Identity Group Mapping ![user-group](https://www.agilicus.com/www/371aa5b7-user-group.svg)## Identity Group Mapping Map your local directory groups into Agilicus AnyX, simplify configuration and maintenance [CONTACT](/contact-us/) ## Identity Group Mapping ![](https://www.agilicus.com/www/4b7d6398-image-1024x871.png) When using on-site identity (e.g. Microsoft Active Directory) it is possible to directly map your directory groups to Agilicus AnyX groups. This allows for zero-touch configuration. As an example, consider that you have a group in Active Directory called "Site 1 *SCADA Admins*". You can map this to an Agilicus AnyX group as: "SCADA Admins", "Site 1 SCADA Admins", "SCADA Users". The first would be via a regex sub-string extraction, the second via a direct mapping, and the third by a remapping. You can also exclude groups, which has a higher preference. This allows you to "remap all except". ![](https://www.agilicus.com/www/b686dd86-image-1024x596.png) You can configure the group mappings from the Onsite Identity overview screen using the action-button. These are on a per identity-provider basis. It is helpful to pre-create the Agilicus Groups and have a list at hand. ### Case 1: Simple 1:1 Map All Local Groups To AnyX Groups There is a convenience button 'MAP ALL GROUPS'. This will create a [regular expression-based](https://regex101.com/) rule as: ``` INPUT GROUP: (.*) OUTPUT GROUP: {0} PRIORITY: 1 ``` What this means is, 'dot' -> any character, 'star' -> any number of the previous characters, 'parenthesis', a named group (the name being the 0-based number of parenthesised groups). So '(.\*)' effectively means group 0 is "ALL". The Output group '{0}' means to use the value from the input group. ### Case 2: Prefix Map Let's assume you want all input groups that have 'scada-\*' to map into Agilicus AnyX groups. You would use: ``` INPUT GROUP: scada-(.*) OUTPUT GROUP: {0} PRIORITY: 1 ``` This means an input group of scada-hmi-admins becomes an output group of hmi-admins. ### Case 3: Remap Let's assume you have an input group called 'BMS-operators' and you want this replaced with 'Building Managers'. ``` INPUT GROUP: BMS-operators OUTPUT GROUP: Building Managers PRIORITY: 1 ``` In this case no regular expressions are used ### Priority In some cases there will be multiple matches. The top priority one will be used.