Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 2

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When setting up IAM Shop Permission Levels for computers, organizations select specific groups with these permissions within the native system. Users who are members of these groups are granted the access specified by the permission level. Moreover, systems can be configured to support Just-In-Time account provisioning for these groups. In such cases, EmpowerID creates an account linked to the individual and adds it to the group for the duration of the session. Upon the session's end, the account is removed from the group, ensuring a least privileged, zero-trust security model.

Steps to Assign IAM Shop Permission Levels

To effectively assign IAM Shop Permission Levels, administrators must do the following:

...

Info

EmpowerID includes default IAM Shop Permission Levels for computers, such as "Local Admin" and "Domain Admin." However, you can create custom permission levels tailored to your organization's needs. For more information on customization, please see Create IAM Shop Permission Levels.

Procedure

  1. Access the Computer's View (Configuration) Page:

    • Use the Global Search to locate the computer you wish to configure.

    • Navigate to the RBAC subtab on the computer's View page.

    • Expand the IAM Shop Assignees for Requesting Access accordion.

    • Click the Add New button.

  2. Configure the IAM Shop Permission Level:

    • Under General, select the desired IAM Shop Permission Level.

      image-20240510-171643.png

    • Under Assignee Granting the Permission Level, do the following:

      • Select whether to Enforce Assignee Eligibility in IAM Shop. This setting instructs the system to check whether users requesting the permission level are eligible to receive it by having membership in the assignee granting the permission level. For example, if the assignee granting the permission is a group, users need to belong to that group to receive the permission level.

      • Select the assignee type from the Which Type of Assignee For This Policy dropdown.

      • Select the appropriate assignee from the Select <Assignee> To Receive Policy dropdown.

        image-20240508-154209.png

      • Click Save.

  3. Finalize the Configuration:

    • Repeat the addition of other assignees as necessary.

    • Click Submit to complete the process.

Expected Results

EmpowerID creates the IAM Shop Assignment for the IAM Shop permission level. You can view and manage these assignments in the IAM Shop Assignees for Requesting Access accordion.

...