Groups and Users can be associated. An association represents a simple relationship that can be described as "user John belongs to Group IT". An association can be created between a Group and a User, or between two Groups.
These operations are managed by the RelationshipManager:
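    // Obtain the RelationshipManager from the current identity session
    RelationshipManager rm = identitySession.getRelationshipManager();
    // Associate users with groups (group first, then user)
    rm.associateUser(parisOffice, annUser);
    rm.associateUser(atlantaOffice, stefanUser);
    rm.associateUser(itDep, stefanUser);
    // Verify that the membership was recorded
    assertTrue(rm.isAssociated(parisOffice, annUser));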
At the SPI level this is mapped to the IdentityObjectRelationship entity. This relationship has a type. Simple associations can be marked with a type named "JBOSS_IDENTITY_MEMBERSHIP" (this is an implementation detail), which describes simple membership. Note that an IdentityObjectRelationship creates a connection between any two IdentityObject entities.