About group membership criteria
Group membership criteria are used to determine which machines or users get included within each group. First, you create a group and give it a unique name. Then you define its membership criteria. During discovery, machines or users that meet the membership criteria for a group are assigned to that group.
DID YOU KNOW? Membership criteria are not used for authentication. Instead, they provide a method for filtering and grouping machines after they have already authenticated with the Trust Protection Platform server.
Membership criteria are based on system attributes found on each machine added to groups during discovery. System attributes can include operating system names, IP addresses, hostnames, environment variables, and so on. The membership criteria available depend on the type of group you have created. See About Group Types.
When you modify membership criteria, keep in mind that the change will likely bring some machines into the group and exclude others. When a machine is excluded, the work previously configured for its agent is no longer applied by that group.
EXAMPLE Suppose that Machine A connects to the Trust Protection Platform server on Tuesday and is placed in Group A because Group A's membership rules matched various attributes of agent 1. However, on Wednesday, you modify the membership rules for Group A.
The following day, Thursday, agent 1 connects to the Trust Protection Platform server, but its attributes no longer match the modified membership rules in Group A. Because agent 1 no longer meets the membership rules of Group A, agent 1 no longer receives configurations or work from Group A.
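The effect of a criteria change can be previewed before it is made. The following Python is an added illustration, not Trust Protection Platform code or its rule engine: it assumes a simplified model in which criteria map an attribute name to a set of accepted values, and every machine name, attribute name, and function name is hypothetical.

```python
# Added illustration: a simplified model, not Trust Protection Platform code.
# Assumption: a group's criteria map an attribute name to a set of accepted
# values, and a machine matches only if every listed attribute matches.

def matches(attributes, criteria):
    """Return True if the machine's attributes satisfy every criterion.

    A machine that lacks a listed attribute does not match.
    """
    return all(attributes.get(name) in accepted
               for name, accepted in criteria.items())

def membership_change(inventory, old_criteria, new_criteria):
    """Compare group membership before and after a criteria edit.

    Returns (added, removed, unchanged) as sorted lists of machine names.
    Machines in 'removed' stop receiving the group's work once their
    agent next connects and is re-evaluated.
    """
    before = {m for m, attrs in inventory.items() if matches(attrs, old_criteria)}
    after = {m for m, attrs in inventory.items() if matches(attrs, new_criteria)}
    return sorted(after - before), sorted(before - after), sorted(before & after)

# Constructed sample inventory (hypothetical machines and attribute names).
INVENTORY = {
    "machine-a": {"os": "Windows", "environment": "test"},
    "machine-b": {"os": "Linux", "environment": "production"},
    "machine-c": {"os": "Unix", "environment": "production"},
    "machine-d": {"os": "macOS", "environment": "production"},
}

# Tuesday's rules, then Wednesday's edit that narrows the group.
OLD = {"os": {"Windows", "Linux", "Unix"}}
NEW = {"os": {"Windows", "Linux", "Unix"}, "environment": {"production"}}

if __name__ == "__main__":
    added, removed, unchanged = membership_change(INVENTORY, OLD, NEW)
    print("added:    ", added)
    print("removed:  ", removed)
    print("unchanged:", unchanged)
```

Reviewing the removed list before saving an edit shows which agents would stop receiving the group's configurations and work.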
EXAMPLE Suppose you want to group all machines that are running either Windows, Linux, or Unix in order to deploy user and device certificates to them. You could create membership criteria like this: