Skip to content

Editing or deleting teams

You might want to modify existing teams when you need to add or remove owners and members, modify membership rules, or need to delete a team altogether.

To edit an existing team

  1. Sign in to Venafi as a Service.

  2. Click People > Teams, and then locate and click a team name to select it.

  3. Do one of the following:

    1. To rename a team, select the text in Team and type a new name.

    2. To modify the team role, click Role and select a new role assignment.

      About assigning roles to teams

      When creating a team, you cannot assign a role to the team that is higher privileged than the role assigned to your user account. For example, if Alan is assigned the Resource Owner role, he can't create a team with the PKI Administrator or System Administrator roles.

    3. (Conditional) Click Membership rules if SSO is enabled and you want to modify them. Team membership rules are used to organize your users into teams automatically.

      More about building your membership rules

      SSO claims are used to identify which users should be added to your team. Users whose SSO claims match the conditions you specify are added to the team automatically.

      For example, suppose your organization uses Active Directory with Okta as your SSO. Your team has an AD group called GroupA that is synchronized with Okta. If Okta is configured with a Groups claim expression, the AD group named GroupA will be returned in a claim that contains the list of groups to which the user belongs. To verify your setup, you sign in to Venafi as a Service}, go to Settings > VaaS Platform > Single Sign On, and then you click Test Connection to make sure that GroupA is returned in the claim:

          "at_hash": "yD62LRYaml6qPbZhB1aW9g",
          "sub": "00uw90kf60mCkrAry0h7",
          "zoneinfo": "America/Los_Angeles",
          "ver": 1,
          "email_verified": true,
          "amr": [
          "adGroups": [
          "Domain Users",

      So you can specify a claim rule that adds a user to a team if their group claim contains the value GroupA. Learn more about SSO configuration.

    4. To add or remove owners manually, click the People tab.

  4. When you're finished, click Save.

To delete one or more teams

Deleting a team is simple work, but keep in mind that you can't delete any teams that are assigned as an owner of a resource, such as an application or organizational unit (OU). So for any team that you plan to delete, be sure to remove them from the Owners field of all applications and OUs before continuing.

  1. Sign in to Venafi as a Service.

  2. Click People > Teams.

  3. On the Teams page, select one or more teams, and then click Delete.

  4. To confirm, click Delete.

Last update: November 9, 2021