Groups organize ChatGPT workspace access for a set of members and can carry custom roles. Group membership is separate from local runtime policy and permissions in connected systems.
For the complete control model, see Roles and workspace permissions.
Compare membership sources
Each group has one authoritative membership source:
| Group type | Membership source | When it applies |
|---|---|---|
| Manually managed | ChatGPT workspace administration | The group is small, temporary, or not managed through directory sync |
| Identity-provider managed | Your identity provider through SCIM | Membership should follow the organization’s directory and member-removal process |
Manual and identity-provider-managed groups can coexist. For synchronized groups, the identity provider is the membership source; later provisioning updates can overwrite workspace-side changes. The Help Center owns current SCIM behavior, supported attributes, and setup steps.
Understand the access boundary
SCIM provisions workspace membership and group assignments. It doesn’t grant permissions in GitHub, Google Drive, Slack, or another connected system. It also doesn’t replace local runtime requirements or Platform API organization access.
Workspace RBAC and local runtime requirements are separate control systems. A group can be relevant to both, but don’t infer a managed-requirements matching or precedence rule from workspace group order. Use Managed configuration for the documented delivery and local precedence rules.
Use current setup procedures
Workspace administration details can change. Use these sources for current UI steps, availability, and limits:
- Manage members, seat types, roles, and access
- Manage groups
- SCIM integration FAQ
- Manage workspace settings