How to create a User Group Programmatically

darrenhunterEmerald · August 4, 2025, 12:11pm

Hi,

I am working on a 2FA solution for one of our customers and I need a way to create a user group on the fly in Code.

Is there any article on how to do this.

As We are inplimenting AD and 2FA and I need to be able to set all users who login with AD as an AD user.

Also is there a way to specify which path a user has logged in on, As I want to be able to detect if the AD users have logged in using Umbraco Login not AD login and throw them back out if they use the standard Umbraco Login

Thanks

mistyn8 · August 4, 2025, 1:46pm

Gibe/Umbraco.Community.AzureSSO: Azure AD SSO module for Umbraco
Is a great starting point, (with AD setup on azure too), if not enough for your needs.

If you only want AD logins, that’s supported with a combination of..

    "DenyLocalLogin": true,
    "AutoRedirectLoginToExternalProvider": true,

If you were wanting multiple external logins to work out which, then each loginprovider should have a unique schema name

External login providers | Umbraco CMS


public class ProviderMembersExternalLoginProviderOptions : IConfigureNamedOptions<MemberExternalLoginProviderOptions>
{
    public const string SchemeName = "OpenIdConnect";
    public void Configure(string? name, MemberExternalLoginProviderOptions options)
    {
        if (name != Constants.Security.MemberExternalAuthenticationTypePrefix + SchemeName)
        {
            return;
        }

        Configure(options);
    }

With regards userGroups.. In v13 think we have
Interface IUserService | Umbraco c# Api docs
Umbraco-CMS/src/Umbraco.Core/Services/UserService.cs at v13/main · umbraco/Umbraco-CMS

 /// <summary>
    ///     Saves a UserGroup.
    /// </summary>
    /// <param name="userGroup">UserGroup to save.</param>
    /// <param name="userIds">
    ///     If null than no changes are made to the users who are assigned to this group, however if a value is passed in
    ///     than all users will be removed from this group and only these users will be added.</param>
    public void Save(IUserGroup userGroup, int[]? userIds = null)
    {

But you say you want to put AD users into an AD group.. so can you not just create that group via the backoffice and simply apply the group during autolinking?
Or maybe you want to create new groups based on the claims returned from AD, without prior knowledge? But functionally if you aren’t aware of the groups, how do you know what permissions that group would infer in the newly created group for backoffice users?

darrenhunterEmerald · August 4, 2025, 2:27pm

Thank you.