Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - MSP Onboarding Guide
  - Evo Authenticator Mobile App 5.1.x (iOS and Android)
  - Evo Supported Authentication Methods
Directory Environments
- Environments
  - What type of Directory do I need?
  - Set up Evo on Active Directory (LDAP)
  - Set up Evo on Azure AD
  - Evo Cloud: Directory-As-A-Service Setup and Installation
  - Sync with Google Workspace
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Advanced Configurations
  - How to protect Remote Desktop using Evo Security (RDP Support)
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
  - Deploying the Evo Agent using ConnectWise RMM
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
- MFA
  - Evo Secure Login for Windows / Troubleshooting Secure Login
- SSO/ SAML
  - What SAML integrations are available?
  - How do I add a rule for single sign-on (SSO) expiration
  - Identity Provider (IdP) Login
  - Connect Web Apps via SAML with Evo: Version 3
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Azure AD - Federating Microsoft 365 domain
  - WS-Federation integration for Office 365 login
  - Setting up SAML with Salesforce
  - Setting up SAML with Dropbox
  - Setting up SAML with Keeper
  - Setting up SAML with Box.com
  - Setting up SAML with Liongard
  - Setting up SAML with Auvik
  - Setting up SAML with Domotz
- Tech Elevation
  - Elevated Access: Extended User Access Control session
  - Elevated Access: Just-in-Time Accounts
  - Setup Elevated Access
  - Password Rotation with Evo
  - Local Admin Accounts
  - Web Accounts
- End User Elevation
  - Elevated Access: End User Elevation 2.3.x
- Help Desk Verification
  - Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
- Agents
  - LDAP Agent Settings Editor
  - Installing the macOS Credential Provider
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Role-Based Permissions / List of Roles
- User & Directory Management
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account? ( Old UI )
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - How do I manage my user licenses? (Billing and Administration)
Integrations
- PSA & Password Sync Integrations
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
- RADIUS Troubleshooting
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
  - Requesting a RADIUS Server in Evo / RADIUS Troubleshooting
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

User Groups

Last updated on September 11, 2025

We now have an exciting new feature called User Groups! With User Groups, you are able to group many users within the same unit, and then using only that singular unit, apply it to several places within the portal such as Role-Based permissions, Tenant Access, and Elevated Access. No more repetitive clicking of checkboxes, or completing the same action over an over again in a manual way. With User Groups, you set up the group, place the users within that group, and then apply it in one click. That's all!

Locating User Groups

Log into your Evo Portal

Navigate to your desired Tenant.

Select Groups under the tenant

This page will display any and all Groups you've created, and house Synced Groups from your AD (more information on this further in the article) But for now, let's focus on creating Custom User Groups within your environment.

Creating a User Group

On the Groups Page, click the "New+" button on the top right.

Enter a Group Name and a description (optional) and click Confirm/Next Step

Optionally, add users to the group & a role group if desired you've created and click done.

You've now created your first User Group! Let's see how you could manipulate this within the Groups Page.

Deleting a User Group

On the Groups Page, click the trashcan icon next to the group. This will trigger the deletion feature.

Note: Do be aware, any users that belong to this group will no longer have any associations that the group belonged to, so any roles, permissions or access that was granted by being part of this group is no longer applied to those users. Again, this will not delete your users, but the group they belong to.

Now that we've gone over the User Groups Feature, let's take a look at the places within the portal where the User Groups can be applied. We'll start with Role-Based Permissions.

Synced User Groups

Synced User Groups function quite similarly to Custom User Groups, however the key difference here is that the group is controlled by the AD and NOT the Evo Portal. These Groups are synced directly from your AD and in conjunction with the LDAP agent when you specify which groups you would like to sync over. Let's take a deeper dive here to understand how this works.

Security Groups in AD

In your AD, you likely have many different Security Groups created, and you likely have many different members that belong to them. Here's an example list of Security Groups and Users.

Currently, when you install the LDAP agent, and use the LDAPS agent settings editor, it asks you which group(s) you would like to sync over. You select those group(s) and those corresponding users belonging to those group(s) will be Synced over and housed on the People Page. However, with this feature, we will be releasing a new LDAP agent that will now also pull over those Synced Groups to the Groups page! Take a look at an example LDAP agent and what it looks like on the Groups Page and their Users!

NOTE: This new LDAP agent will be installed over the top of your current LDAP agent. Please do not uninstall your current LDAP agen

FAQ

Question: Can my users belong to multiple User Groups?

Answer: Yes! Your users can belong to multiple User Groups! There are no restrictions here! They will inherit any and all roles that are applied to these groups, and all these roles and permissions will be cumulative. The same can be said for Synced User Groups, as users can belong to multiple security groups here. However, you are unable to remove those users from the groups from the portal. This must be managed from the AD.

Question: Does this mean our users can also belong to multiple Role groups?

Answer: Yes! We have removed the restriction that users can only belong to one role group. Users now can belong to multiple Role groups.

Question: Can I sync over nested groups?

Answer: Yes, however they will appear as "flat" groups in the portal on the Groups page. In the following screenshot, the group "spam10" is a nested group within "EvoSync1", however, they will appear as separate groups. If you were to unsync "EvoSync1", the group "spam10" will also be unsynced.

Question: So this means users that belong in nested groups also appear as users in the "parent" group?

Answer: Yes! Please refer to the first question in the FAQ.

Did this answer your question?

😞

😐

🤩

How do I disable, enable, or delete user devices (Endpoints)? How do I manage my user licenses? (Billing and Administration)