In EmpowerID, you can control access to Password Manager operations by assigning users to specific Management Roles. To work with Password Management, users must have the appropriate roles assigned to them. Management Roles in EmpowerID have prefixes that indicate their function, such as UI, VIS, and ACT for Password Manager:

UI – Management Roles prefixed with UI grant users access to specific elements within EmpowerID's web interface. For instance, the UI-Person-Password-Self-Service role allows users to access the self-service password reset enrollment interface and change their own passwords.

VIS – Management Roles prefixed with VIS enable users to view specific objects within EmpowerID. By default, every user has the VIS-Person-Self role for Password Manager.

ACT – Management Roles prefixed with ACT provide users with the ability to manage specific objects within EmpowerID. For example, a Password Manager ACT role might allow users to reset passwords or unlock accounts for others. ACT-Person-Password-Self-Service, for instance, grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operations.

By understanding these Management Role types, organizations can effectively manage user access to Password Manager operations in EmpowerID.

Roles needed to manage Password Manager policies

To manage Password Manager policies, users need the following Management Role:

  • UI-Admin-Password-Manager: Grants access to the user interface and workflows for managing Password Manager policies. Role type: Feature Set.

Roles needed to enroll for Password Self-Service Reset

To reset their passwords, users need to have a combination of the following Management Role assignments (based on the needed scope):

  • ACT-Person-Password-Self-Service: Grants users access to change passwords, enroll, and perform other password self-service operations. Role type: Activity.
  • UI-Person-Password-Self-Service: Grants access to the workflows and user interfaces for password changes, enrollment, and other password self-service operations. Role type: Feature Set.
  • Password-Self-Service User: Grants access to perform password self-service. Role type: Role Bundle, which contains the following Management Roles: ACT-Person-MFA-Self-Service, ACT-Person-Password-Self-Service, UI-Person-Multi-Factor-Authentication-Self-Service, UI-Person-Password-Self-Service, and VIS-Person-Self.

Roles needed for Help Desk Password Reset

To reset passwords for users, Help Desk personnel need to have a combination of the following Management Role assignments (based on the needed scope):

  • UI-Person-Password-Helpdesk: Grants users with the role access to the user interfaces needed to perform assisted password resets and account unlocks for people. Role type: Feature Set.
  • UI-Account-Password-Helpdesk: Grants users with the role access to the user interfaces needed to perform assisted password resets and account unlocks for user accounts. Role type: Feature Set.
  • ACT-Person-Password-Helpdesk-* roles: Grant users with the role the ability to assist people within the specified scope by resetting passwords and unlocking accounts. Role type: Activity.
      • ACT-Person-Password-Helpdesk-Partners: all people in or below the partners location.
      • ACT-Person-Password-Helpdesk-MyOrg: people in the person's organization.
      • ACT-Person-Password-Helpdesk-MyLocations: people in the person's locations.
      • ACT-Person-Password-Helpdesk-DirectReports: direct reports.
      • ACT-Person-Password-Helpdesk-Customers: all people in the customers location.
      • ACT-Person-Password-Helpdesk-All: all people.
  • ACT-Account-Password-Helpdesk-* roles: Grant users with the role the ability to perform user account password resets and unlocks within the specified scope. Role type: Activity.
      • ACT-Account-Password-Helpdesk-SAP: all SAP ABAP accounts.
      • ACT-Account-Password-Helpdesk-Partners: all accounts in or below the partners location.
      • ACT-Account-Password-Helpdesk-O365: all Office 365 accounts.
      • ACT-Account-Password-Helpdesk-MyOrg: all accounts in the person's organizations.
      • ACT-Account-Password-Helpdesk-MyLocations: all accounts in the person's locations.
      • ACT-Account-Password-Helpdesk-DirectReports: user accounts owned by direct reports.
      • ACT-Account-Password-Helpdesk-Customers: all accounts in or below the customers locations.
      • ACT-Account-Password-Helpdesk-AWS: all AWS accounts.
      • ACT-Account-Password-Helpdesk-All: all accounts.
      • ACT-Account-Password-Helpdesk-AD: all Active Directory accounts.
  • Password Helpdesk for All People: Grants users with the role the ability to perform password helpdesk resets for all people. Role type: Role Bundle, which contains the following Management Roles: ACT-Person-Password-Helpdesk-All, UI-Person-Password-Helpdesk, and VIS-Person-All.
