Groups

Groups give administrators a way to apply policy to a subset of users without editing each account individually. The most common use today is the AI provider override — routing a department’s traffic through a specific upstream provider.

Membership

A user can belong to zero or more groups. Membership is managed from the Groups page (/admin/groups):

• Create a group with a name and optional description.
• Add users by searching their email or display name.
• Remove a user with the membership-list action menu.

Group changes take effect on the user’s next request — no client restart needed.

AI provider overrides

When a user is in a group with an AI provider override, AI proxy requests from that user are routed to the override instead of the server-wide default. If the user is in multiple groups with conflicting overrides, the resolution order is documented on the Groups page.

The override is selected from the AI provider catalog defined under Ai:Providers in appsettings.json. The catalog is shown on Settings → AI providers for reference.

Override scope

Overrides only affect routing of AI proxy calls. They do not change which features a group can access — that’s a policy concern.

Auditing

Group create/delete and membership add/remove are written to the audit log under the Group.* event family, with the acting administrator and the target user/group recorded.