Groups allow you to control which application can customers and other account holders can have access to within the same identity store.
In many cases, applications intended for completely different customer bases share the same identity store. This means that a customer identity created for Application A will have access to applications B, C, and D, etc. of the same identity store.
You might not want every customer to have access to every application belonging to the identity store because many of the applications might be off-limits or irrelevant to them.
You can control which applications customers can have access to by placing them into groups. Groups apply restrictions to applications so that only those customers have access to that specific application who are members of the group(s) assigned to it.
You can find out how to create groups, manage group memberships, and how to apply restrictions to applications on the following pages: