Following IAM security best practices, users of Identity and Access Management (IAM) generally belong to at least one IAM group or role. A collection of IAM users is referred to as an IAM user group.

EmpowerID manages access to resources by using a combination of native system rights for applicable resource systems (such as Azure Active Directory and Windows Servers) and EmpowerID Operations. Each EmpowerID Operation is a protected code object that, when executed within an EmpowerID workflow, allows a resource within EmpowerID or a custom application to be accessed in a way that is consistent with the operation and the type of resource being accessed. Examples include adding users to groups, creating mailboxes, updating user attributes, or even viewing certain objects such as EmpowerID pages and reports. Each of these tasks corresponds to a specific operation for a specific resource type that must be delegated to users (via Access Level assignments) for each object with which they wish to interact.
As all access granted to any EmpowerID actor type is ultimately consumed by a person, the easiest way to manage user permissions is through role and group memberships. In this model, you define the access to IT resources users need and then assign those users to the roles and groups that best match those access requirements. This greatly simplifies permissions management. Rather than managing the access of hundreds or thousands of individual users, you need only manage the permissions granted to a handful of groups and roles and use policies to automate who belongs to those roles and groups.
Membership – EmpowerID allows users to be dynamically assigned to the membership of a group or role using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections, and other groups or roles.
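The delegation model described above, expressed in Python as an added example (not EmpowerID code or its API): access is assigned to roles and groups, and a person's effective operations are resolved through nested membership, with a default-deny check. All actor, Access Level, operation and resource names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data; every name is hypothetical, not an EmpowerID object.
# An Access Level is modelled as a named bundle of operations.
ACCESS_LEVELS = {
    "Group Member Manager": {"AddAccountToGroup", "RemoveAccountFromGroup"},
    "Report Viewer": {"ViewReport"},
}
# Actor -> actors it is a member of (groups and roles may nest).
MEMBER_OF = {
    "person:alice": {"role:HelpDesk"},
    "role:HelpDesk": {"group:IT-Staff"},
    "group:IT-Staff": {"role:HelpDesk"},  # deliberate cycle to exercise the guard
    "person:bob": set(),
}
# (actor, Access Level, resource): delegation is per object.
ASSIGNMENTS = [
    ("role:HelpDesk", "Group Member Manager", "group:Sales"),
    ("group:IT-Staff", "Report Viewer", "report:AuditLog"),
    ("person:bob", "Report Viewer", "report:AuditLog"),
]

def actors_for(person):
    """Return the person plus every role/group reached through membership."""
    seen, stack = set(), [person]
    while stack:
        actor = stack.pop()
        if actor in seen:  # cycle or diamond: already expanded
            continue
        seen.add(actor)
        stack.extend(MEMBER_OF.get(actor, ()))
    return seen

def effective_access(person):
    """Map resource -> operations the person holds, directly or inherited."""
    actors = actors_for(person)
    access = defaultdict(set)
    for actor, level, resource in ASSIGNMENTS:
        if actor in actors:
            access[resource] |= ACCESS_LEVELS[level]
    return dict(access)

def is_allowed(person, operation, resource):
    """Default deny: allowed only if some assignment grants the operation."""
    return operation in effective_access(person).get(resource, set())

def direct_grants():
    """Audit helper: assignments made to a person instead of a role or group."""
    return [a for a in ASSIGNMENTS if a[0].startswith("person:")]
```

`direct_grants()` lists the per-user assignments that bypass the role and group model, which is the set a periodic access review would look at first.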
...