Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
In EmpowerID restricts , you can control access to Password Manager operations through the use of by assigning users to specific Management Roles. To work with Password Management, users must be have the appropriate role assigned to the appropriate rolesthem. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for Password Manager isin EmpowerID have prefixes that indicate their function, such as UI, VIS, and ACT for Password Manager.
UI Management Roles grant users access to specific elements within EmpowerID's web interface. For instance, the UI-Person-Password-Self-Service
. Thisrole
grantsallows users to access
tothe
user interfaces and workflows for enrolling forself-service password reset enrollment interface and change their own passwords.
VIS
–Management Roles
prefixed with VIS grant users the ability to seeenable users to view specific objects
in EmpowerID. An example of this type of role for Password Manager iswithin EmpowerID. By default, every user has the VIS-Person-Self
. All users have this Management Role by defaultrole for Password Manager.
ACT
–Management Roles
prefixedprovide users with
ACT grant usersthe ability
toto manage specific objects
inwithin EmpowerID.
An example of this type of role forFor example, a Password Manager
isACT
-Password-Self-Service. This role grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operationsrole might allow users to reset passwords or unlock accounts for others.
By understanding these Management Role types, organizations can effectively manage user access to Password Manager operations in EmpowerID.
Roles needed to manage Password Manager policies
To manage Password Manager policies, users need the following Management Role
Management Role
Access Granted by Management Role
role:
UI-Admin-Password-Manager
: This grants access to the user interface and workflows for managing Password Manager policies.
Feature Set
Roles needed to enroll for Password Self-Service Reset
To reset their passwords, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Roles:
ACT-Person-Password-Self-Service
: This role enables users to change
passwords, enroll, and perform other
self-service operations.
UI-Person-Password-Self-Service
: This role provides access to
workflows and user interfaces for password changes, enrollment, and other
self-service
operations.
Feature Set
Password-Self-Service User
: This role grants access to perform password self-service
Role Bundle – Contains the below Management Roles
and includes the following roles:
ACT-Person-MFA-Self-Service
,
ACT-Person-Password-Self-Service
,
UI-Person-Multi-Factor-Authentication-Self-Service
,
UI-Person-Password-Self-Service
, and
VIS-Person-Self
.
Roles needed for Help Desk Password Reset
To reset passwords for users, Help Desk personnel need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Roles to reset users' passwords:
UI-Person-Password-Helpdesk
: Provides access to
user interfaces
necessary for assisted password resets and account unlocks
.
UI-Account-Password-Helpdesk
: Allows access to
user interfaces needed
for assisted password resets and account unlocks for user accounts.
ACT-Person-Password-Helpdesk
Grants users with the role the ability to assist all people in or below partners location by resetting passwords and unlocking accounts.
Activity
ACT-Person-Password-Helpdesk-MyOrg
Grants users with the role the ability to assist people in the person's organization by resetting passwords and unlocking accounts.
Activity
ACT-Person-Password-Helpdesk-MyLocations
Grants users with the role the ability to assist people in the person's locations by resetting passwords and unlocking accounts.
Activity
ACT-Person-Password-Helpdesk-DirectReports
Grants users with the role the ability to assist direct reports by resetting passwords and unlocking accounts.
Activity
ACT-Person-Password-Helpdesk-Customers
Grants users with the role the ability to assist all people in the customers location by resetting passwords and unlocking accounts.
Activity
ACT-Person-Password-Helpdesk-All
-*
roles (like-Partners
,-MyOrg
,-MyLocations
,-DirectReports
,-Customers
,-All
): These roles give the ability to assist different groups of people within the specified scope by resetting passwords and unlocking accounts.
Activity
ACT-Account-Password-Helpdesk
Grants users with the role the ability to perform user account password resets and unlocks for all SAP ABAP accounts.
Activity
ACT-Account-Password-Helpdesk-Partners
Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the partners location.
Activity
ACT-Account-Password-Helpdesk-O365
Grants users with the role the ability to perform user account password resets and unlocks for all Office 365 accounts.
Activity
ACT-Account-Password-Helpdesk-MyOrg
Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's organizations.
Activity
ACT-Account-Password-Helpdesk-MyLocations
Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's locations.
Activity
ACT-Account-Password-Helpdesk-DirectReports
Grants users with the role the ability to perform user account password resets and unlocks for users accounts owned by direct reports.
Activity
ACT-Account-Password-Helpdesk-Customers
Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the customers locations.
Activity
ACT-Account-Password-Helpdesk-AWS
Grants users with the role the ability to perform user account password resets and unlocks for all AWS accounts
Activity
ACT-Account-Password-Helpdesk-All
Grants users with the role the ability to perform user account password resets and unlocks for all accounts.
Activity
ACT-Account-Password-Helpdesk-AD
Grants users with the role the ability to perform user account password resets and unlocks for all Active Directory accounts.
Activity
Password Helpdesk for All People
-*
roles (like-SAP
,-Partners
,-O365
,-MyOrg
,-MyLocations
,-DirectReports
,-Customers
,-AWS
,-All
,-AD
): These roles provide the ability to perform password resets, and account unlocks within the specified scope for various groups of user accounts.Password Helpdesk for All People
: This role grants the ability to perform password helpdesk resets for all people
Role Bundle – Contains the below Management Roles
and contains the following roles:
ACT-Person-Password-Helpdesk-All
,
UI-Person-Password-Helpdesk
, and
VIS-Person-All
.
Div | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IN THIS ARTICLE
|
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|