Understanding user groups in Kaltura

Last Modified on 11/18/2025 2:39 pm IST

About

User groups can be used to manage entitlements and category assignments for a large number of users in Kaltura applications.

What is a group?

A group is a single manageable entity that represents a collection of users. Technically, a group is a unique type of user that can have individual users as part of it.

Groups can be assigned to a category/channel just like users can. 

After a group is assigned to a category, all the individual users in the group inherit the permission of the group in the category. For example, if the group is assigned as contributor, then all users will be contributors as well.

Why use groups?

  • You most probably already manage groups in the Identity Provider (SAML/SSO/LDAP/AD) and may want to use the same virtual groups in Kaltura applications (MediaSpace for example).
  • In case you have (or expect to have) more than 5,000 individual users assigned to a category (technical limitation).

How are groups created?

You can create groups and add users to them by either:

  1. Managing groups from Configuration Management console (see our article Manage groups in the Configuration Management console for information).
  2. Using the automatic SAML group sync - This method is based on the user's metadata with a specific custom data schema per customer that adds users to groups dynamically according to SAML response on login. See Samlgroupsync module.
  3. Using a CSV - See Manage end-users in bulk using a CSV file.
  4. Running an external periodic script on customer servers in sync with their IdP - This method will create new groups and add/remove users from groups. This script uses Kaltura APIs (groupUser) and can be written by the customer or delivered by Kaltura Professional Services. Kaltura already has a general AD script in place for use and can create additional module for other methods.

Support exists in the Video Portal and KMC for assigning groups to channels/categories. 

Group email notifications

  • Groups support email address notifications. Admins may add the email address or keep it empty. This feature allows for email notifications to be sent to a distribution list. 
  • Groups can be set as the owner of media.  

Additional information

  • An individual user can be both directly assigned to a category/channel and via a group.
  • If an individual user is directly assigned to a category/channel and via a group, the permission of the direct assignment will overrule the group inheritance (even if it is lower permission).
  • In case the user is a member of 2 groups and the 2 groups are assigned to a category, the higher permission of the user will be counted in this category.
  • A user can be in up to 1024 groups.
  • No more than 5000 users can be assigned to a category.
  • There is no limit to the number of users inside a group. (But please note that when creating a group of users in the admin console, no more than 3,000 users can be added at one time.)
  • In KMS – members of a channel will not include the users in the group breakdown, but only direct users and groups.
  • Analytics are displayed for an individual user (and not the group).
  • Known Limitation - a group name cannot be identical to a userID in the group.

Create and manage groups

Via the Configuration Management console

Please see the article Manage groups in the Configuration Management console.

Via the Kaltura Management Console

You can create and manage groups using the end-users CSV file (see our article Manage end-users in bulk using a CSV file). You will need to modify and upload the end-users CSV file. You will later be able to add groups to channels based on the CSV file you created and uploaded to the KMC or video portal and your Configuration Management console.

After creating the groups you may assign user roles. This is a one-time process that needs to happen before groups can be associated with channels. You can define any user role, since specific user roles override the group role.  A role must be configured so that MediaSpace can recognize and show groups.

A sample End-Users CSV file is available for download when you click the +Create button in the KMC main menu.

Groups first need to be created and roles must be assigned. This is a one time process that needs to happen before any groups can be associated with channels. Any role can be defined since user specific roles override the group role. 

To modify the end-users CSV file and create groups:

  1. In the KMC, modify and upload the end-user csv. See our article How to add users in bulk.
    You can download a sample CSV file by clicking the +Create button the KMC main menu, and selecting 'Download CSV/XML Samples' under the Bulk Upload option. For every group that is created, a user must be added to that group.
  2. Add the group column titled "group".
  3. Add a single user or different users to all groups in separate lines. This additional column is used to create all groups in the backend. Do not use spaces in group names.
  4. Upload the CSV to the KMC.
  5. Modify and use the End_Users CSV file and enter the group names you created in Step 2 in the userId column.
  6. Create a column for your video portal instance. Set the column title name to "metadata::KMS_USERSCHEMA1_[your_MediaSpace_instance_id]::role", where the instance id is your video portal instance id, found in the Application module in the Configuration Mangement console configured by your system admin.
  7. Enter permission levels for each group.

    The format of the CSV file with the column title should look like the following:

    Other columns are not mandatory to create the goups.

  8. Upload the modified CSV file to the KMC or to the video portal as described in How to add users in Bulk.

Add groups to channels

Administrators should enable and configure the Channelmembers module to allow entitled users to modify channels.  Then you can add users via the channel edit page > Users tab.

Syncing SAML groups with Kaltura

The samlgroupsync module uses SAML attributes to map users to groups in Video Portal and LMS Video. It automatically manages group membership based on the data sent from your identity provider.

You can enable samlgroupsync only when the SAML module is turned on, and your SAML integration must be fully configured for group syncing to work.

Admins can configure group mapping in two ways:

  • Use the attribute value as the group name
  • Map the attribute value to a specific group name

After updating your SAML settings, users need to sign in to KMS or KAF for the changes to take effect.

Was this article helpful?
Thank you for your feedback!
User Icon

Thank you! Your comment has been submitted.

In this article
Related articles
Back to top

Never miss a thing!

Subscribe to our customer newsletter and our release notes updates, so you always get the best out of Kaltura.
Newsletter