Home
Configuring accounts, groups, policies, and sites
Configuring groups
In this collection of topics, you will learn how to configure groups in Portnox™ Cloud.
The Default group
In this topic, you will learn what is the Default group, how it differs from other groups, and how it functions in Portnox Cloud.

Configuring accounts, groups, policies, and sites
- What are accounts, groups, policies, and sites?
  In this topic, you will learn what we mean by accounts, groups, policies, and sites in Portnox™ Cloud.
- Configuring groups
  In this collection of topics, you will learn how to configure groups in Portnox™ Cloud.
  - Create a group
    In this topic, you will learn how to create a group in Portnox™ Cloud and configure network access layers.
  - Edit and configure a group
    In this topic, you will learn how to edit a group in Portnox™ Cloud and configure its advanced settings.
  - Manage members of a group
    In this topic, you will learn how to automatically manage members of a group in Portnox™ Cloud based on groups and/or organizational units in Portnox Cloud and/or authentication repositories.
  - The Default group
    In this topic, you will learn what is the Default group, how it differs from other groups, and how it functions in Portnox Cloud.
- Configuring accounts
  In this topic, you will learn how to configure accounts in Portnox™ Cloud.
- Configuring policies
  In this collection of topics, you will learn how to configure policies in Portnox™ Cloud.
- Configuring sites
  In this topic, you will learn how to configure a site in Portnox™ Cloud.
- Configuring guest access
  In this topic, you will learn how to configure a guest Wi-Fi network in Portnox™ Cloud.

The Default group

In this topic, you will learn what is the Default group, how it differs from other groups, and how it functions in Portnox Cloud.

The Default group is a catch-all group that always exists in Portnox Cloud. All devices and users that fail to authenticate or are not explicitly assigned to a custom group are automatically placed here. Membership cannot be manually managed, and external repository mapping is not supported.

Usage and limitations

You cannot assign OUs, accounts, or groups manually to the Default group.
External identity platforms (Entra ID, Google Workspace, Okta, LDAP) cannot be mapped to the Default group.
It is recommended to enable both wired and wireless access in the Default group and assign policies or VLAN/ACLs appropriately. This ensures fallback connectivity for unassigned devices or failed authentications.
Custom groups should be used for targeted access control, directory integration, and policy enforcement.
The Default group is fixed at the bottom of the priority list and cannot be moved. Custom groups can be rearranged above it to control policy application.