Accounts refer to OpenAthens accounts in the OpenAthens system that may belong to end-users or administrators. An account will always exist directly under exactly one organisation.
User accounts are used to access OpenAthens-protected content. Administrator accounts are used to administer organisations and access the user administration application (they may also be used to access the API)Local accounts (i.e. those from connected directories) are not visible via the API.
Groups may contain zero or more accounts. Groups belong to, and are created by organisations. Although the API conceptually supports accounts being members of multiple groups, currently this behaviour is limited (for legacy reasons), and an individual account may only be a member of either zero or one group.