EmpowerID provides a comprehensive wizard workflow titled The "Onboard Group," designed to simplify and streamline the process of onboarding groups within your organization. This user-friendly workflow guides users through each step, allowing them to perform a variety " workflow provided by EmpowerID offers a structured and intuitive approach for integrating groups into your organization's system. This workflow is tailored to assist users in performing a range of group-related tasks efficiently during the onboarding process, including. Key functionalities of this workflow include:
Adding Permanent Members:
...
This feature allows for the seamless addition of permanent group members, ensuring that the
...
right individuals
...
gain access to
...
necessary organizational resources
...
.
Applying RBAC Membership Policies:
...
Users can add members to a group based on
...
Role-Based Access Control (RBAC) assignments, such as
...
specific Management Roles, Business
...
Roles, and
...
Locations, or group affiliations.
...
Automatic removal of users from the group is triggered if they lose their RBAC assignments.
Assigning Responsibility Parties and Owners:
...
Users can designate responsible parties and owners
...
for the group.
Configuring IAM Shop Settings
...
:
...
The group can be published to the IAM Shop,
...
where eligibility and Access Request policies
...
are configured.
Step 1: Configure workflow parameters
...
On the navbar, expand Low Code/No Code Workflow and select Low Code Workflows.
Select the Workflow tab and search for Onboard Group.
Click the Display Name for the workflow.
On the View One page for the workflow, expand the Request Workflow Parameters accordion and search for the parameter you want to configure.
Click the Edit
button for the parameter.
Enter the new value in the Value field and click Save.
Repeat the above steps to configure other parameters as needed.
Step 2: Run the workflow
...
To onboard a group, follow these steps:
Access the Portal: Log in to the Resource Admin app in your environment.
Navigate to Group Workflows: In Resource Admin, select Groups from the Resource Type menu and then select the Workflows tab.
Launch the Onboard Group Workflow: Click Onboard Group to start the workflow.
This opens the Onboard Group wizard workflow. Follow the wizard and fill in the fields of each section of the workflow with the appropriate information for your group. Please note that the sections and fields available may vary depending on the configuration of the workflow parameters.
Under Select a Tenant or Directory, select a : Choose the tenant or directory location for the new group. If the directory is an For on-premise directory, such as directories like Active Directory, additionally select the appropriate OU for the groupOrganizational Unit (OU).
Submit and Proceed: Click Submit to continue move to the Group Information section of the workflow.
Fill in General Group Information: Provide details in the following fields in the General Information and Membership Options sections. :
Group Purpose Text: Provide a statement describing the purpose of Enter a name for the group.
Group Purpose Additional Text: Include any additional information or details related to the group's purposeEnter a display name for the group.
Group Usage Type: Specify the type or category that best represents Indicate the intended usage of category for the group.
Group Description: Optionally, provide give a brief description of the group.
Do You Want To Add Permanent Members?: Select Yes
Configure Membership Options:
Review the summary information for the application and then click Submit.Decide if you want to add permanent members to the group while onboarding; otherwise, select No.Do You Want To Add RBAC Membership Policies?: Select Yes if you want to add .
Choose whether to apply RBAC membership policies to the group; otherwise, select No.
Click Next to continue to the Additional Group Details step of the workflow.
Under Additional Group Details, fill out the necessary details for the group.
.
Click Next to proceed to Additional Group Details and enter additional information about the group, including:
Group Type: Select the appropriate type for the group.
Is Mail Enabled: If applicable, enable this feature and specify email settings, such as requiring authenticated senders and setting the email domain. Please note mail settings only appear when onboarding groups in directories that support email usage.
Notes: Add any relevant notes about the group.
Click Next to proceed to Owner Information and enter the following information:
Responsible Party: Search for and select the user responsible for managing and maintaining the group.
Owners: Search for and select one or more users to be group owners.
Deputies: Search for and select one or more users to be group deputies.
Click Next to proceed to IAM Shop Settings and do the following:
Decide if the group should be requestable in the IAM Shop.
If so, select an Access Request Policy and define Eligible, Preapproved, and Suggested Assignees. Users must have one of the below eligibility assignments to view the group in the IAM Shop.
Eligible Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role and Location), and then search for and select the specific assignees eligible for the group.
Preapproved Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role and Location), and then search for and select the specific assignees pre-approved for the group.
Suggested Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role and Location), and then search for and select the specific assignees suggested for the group.
Optionally, enter any Additional IAM Shop Settings information.
Click Next to proceed.
If you opted to add group members earlier, search for and select one or more accounts to add as group members and then click Next to proceed.
If you opted to add RBAC Membership policies earlier, do the following and then click Next to proceed:
Select the type of RBAC Membership policy type. Types include Person, Group, Set Group, Management Role, Management Role Definition, and Business Role and Location.
Search for and select the specific assignee for the type. For example, if you selected Management Role as the type, search for and select the specific Management Role.
Repeat a and b to add additional assignee types as needed.
Click Preview RBAC Membership Resultant People if you want to preview the number of people who would be added to the group based on the policy.
If you opted to Preview RBAC Membership Resultant People, review the resultant count and then click Next to review the resultant list of people.
If you opted to Preview RBAC Membership Resultant People, review the RBAC Membership Resultant List of People and click Next to proceed.
Review the summary information and then click Submit to onboard the group.
Review the Operation Execution Summary and click Submit.
Click Submit to exit the wizard.
Insert excerpt IL:External Stylesheet IL:External Stylesheet nopanel true
Results
After completing these steps, the group will be onboarded successfully. You can view the group in the connected system and in EmpowerID. To do this:
In Connected System: Navigate to the system and search for the group.
In EmpowerID: Search for the group directly.
Audit Log: To view the audit log, go to System Logs > Audit Log.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|