You can now specify a time range for on-demand user groups in cloud dynamic user groups. By defining a specific duration for individual users to remain in a group, this capability allows you to deploy cloud dynamic user groups for on-demand access in even more scenarios, such as providing temporary resource access for contractors or visitors that automatically expires based on the time frame you specify.

For example, if you want to grant access for a contractor to key resources for an assigned project, you can add the contractor to a group and define the user's duration in the group as the time required for the project (up to 6 months). When the specified duration expires, the Cloud Identity Engine automatically removes the user from the group.

Alternatively, if you have a visitor where you want to allow access to your network for just the day, you can specify that the user remains in the group that is allowed access to your network only for the day of the visit and the user is automatically removed from the group at the end of the day.

You can also grant access for users to remain in a group indefinitely, which means that they will remain in that group permanently until you remove them from the group manually.

Time-based membership for cloud dynamic user groups helps you grant access as needed based on key factors while still securing critical resources.