Understanding user groups in Kaltura

Last Modified on 11/18/2025 6:27 pm IST

About

Groups let you manage entitlements and category/channel membership for large sets of users in Kaltura applications. Instead of assigning permissions one user at a time, you assign the group, and all members inherit the group’s permission.

A group is technically a special user object that contains individual users.

Why use groups?

Groups are helpful when:

  • You already manage groups in your identity provider (SAML/SSO/LDAP/AD) and want to reflect the same structure in Kaltura.
  • You need to assign more than 5,000 users to a category/channel (direct assignments are limited to 5,000 users).
  • You want to simplify ongoing permission management for large audiences.

How permissions work with groups

  • Users can be assigned permissions directly and through a group. Direct permissions override group-inherited permissions.
  • If a user belongs to multiple groups, the highest permission applies.
  • Analytics are tracked per user, not per group.
  • A user can belong to up to 1,024 groups.
  • A group name cannot match a user ID in the group.
  • There is no limit on the number of users in a group (though the admin console UI can only add up to 3,000 users at once).

How groups are created

You can create and maintain groups using any of the following methods:

1. Using the Configuration Management Console

Admins can create and manage groups directly in the Configuration Management console. See our article Manage groups in the Configuration Management console for instructions.

2. Syncing SAML groups

If you use SAML SSO, the Samlgroupsync module can automatically map users to groups based on SAML attributes.

You can:

  • Use the SAML attribute value directly as the group name, or
  • Map the SAML value to a predefined group name.

The SAML module must be enabled, and users will need to sign in again to apply the updated mappings.

3. Creating groups using a CSV (via KMC)

You can create groups using the End-Users CSV and uploading it through the Kaltura Management Console (KMC). This is the most common method when identity provider syncing isn’t available. For CSV basics (downloading the file, required fields, uploading the file), see our article Add end-users in bulk using a CSV file.

The section below covers only the additional steps required to create groups:

Group-specific CSV rules

  1. Add a “group” column to the End-Users CSV.
  2. For each group you want to create, add at least one user row with the group name in the group column.

    3. Group names cannot contain spaces.

  3. Add the instance-role metadata column used by Video Portal /  LMS Video: metadata::KMS_USERSCHEMA1_[instance_id]::role

    4. You can find your instance ID in the Application module of your Configuration Management console.

  4. Assign a role to the group (users’ direct roles override group roles).

    5. The role you assign must already exist in your instance schema in the Configuration Management console. If the role isn’t defined in the schema, the group will not appear in the UI.

    After modifying the CSV, upload it using the same upload flow described in our article Add end-users in bulk using a CSV file.

4. Using an external script (advanced)

Organizations that manage users externally can automate group creation and membership updates using a periodic sync script. The script uses the groupUser APIs to create groups and add or remove users based on external data (typically an IdP).

This script can be written and maintained by your team, or delivered by Kaltura Professional Services (a general Active Directory script is already available).

This approach is useful when you want ongoing synchronization without CSV uploads or SAML mapping.

Assign groups to channels

To add groups to channels, make sure the Channelmembers module is enabled and configured to allow entitled users to modify channels.

Then:

  1. Open the channel’s Users tab and add the group.
  2. Set the appropriate permission level for the group.

Groups appear in the member list as a single group entry. Individual users inside the group do not appear separately.

For detailed steps, see Edit a channel.

Group email notifications

Groups support an optional email address. If configured, notifications (such as category updates) can be sent to a distribution list associated with the group.

Groups can also be set as the owner of media if needed.


Was this article helpful?
Thank you for your feedback!
User Icon

Thank you! Your comment has been submitted.

In this article
Related articles
Back to top

Never miss a thing!

Subscribe to our customer newsletter and our release notes updates, so you always get the best out of Kaltura.
Newsletter