EmpowerID provides two methods for creating groups: Create Group Simple and Create Group Advanced. Use the Create Group Simple method, which has fewer fields and options, when only minimal information is needed. If you need to input more information or configure more properties for the group, use the Create Group Advanced method.

This article demonstrates how to create a group using the advanced method.

...

Create a Group

  1. On the navbar, expand Identity Administration and select Groups.

  2. Select the Create Group action.

  3. Enter the following information in the form fields:

    • Name – Name of the group

    • Logon Name – Logon name of the group

    • Display Name – Display name of the group

    • Creation Location – Select an account store and then search for and select the desired location in that account store

    • Group Type – Type of group (Available group types are contextualized to the type of account store selected for the creation location. For example, if the account store is an Azure AD tenant, available types include Office 365 group and Security Global, whereas if the account store is Active Directory, available types include Distribution Domain Local, Distribution Universal, Security Domain Local, Security Global, and Security Universal.)

    • Is Mail Enabled – Select to enable the group to receive emails; this option is only available for groups that can be mail enabled.

    • Notes – Optional notes

    • Description – Description of the group

    • Publish in IT Shop – Select this option to make the group available to eligible users in the IT Shop.

    • Auto-Accept Join or Leave Requests – Select to enable users to self-service join and leave the group without requiring approval.

    • Prevent Deletion in EmpowerID – Select to prevent the group from being deleted in an EmpowerID workflow

    • Is High Security Group – Select if the group is high security

    • Valid Until – Optional; if you have a custom workflow that uses this property, click the field and select a date from the calendar

    • Comments or Justification – Optional

  4. When ready, click Save to create the group.

After EmpowerID creates the group, your browser is directed to the View page for the group. This page allows you to view and manage the group as needed.

...

a comprehensive wizard workflow titled "Onboard Group," designed to simplify and streamline the process of onboarding groups within your organization. This user-friendly workflow guides users through each step, allowing them to perform a variety of group-related tasks during the onboarding process, including:

  • Adding Permanent Members: Easily add permanent members to the group, ensuring that the appropriate individuals have access to the necessary resources within the organization.

  • Applying RBAC Membership Policies: Add people to the group based on their RBAC assignments, such as belonging to a particular Management Role, Business Role and Location, or group. If users no longer have the RBAC assignment, they are automatically removed from the group.

  • Assigning Responsibility Parties and Owners: Assign responsible parties and owners to the group

  • Configuring IAM Shop Settings for the Group: Publish the group to the IAM Shop, configure eligibility and Access Request policies for the group

Step 1: Configure workflow parameters

The Onboard Group workflow incorporates numerous customizable parameters, allowing you to modify the fields displayed to users running the workflow. These parameters are listed below. Customizing them lets you tailor the workflow to your organization's needs and preferences.

Workflow Parameters

  • DefaultDomainSuffix – Specifies the default domain suffix that appears in the workflow, such as “empoweridcontractors.onmicrosoft.com”.

  • DefaultEmailMessageName – Name of the email template to use for notifying people on creation of a new group.

  • DefaultGroupUsageTypeId – Default integer value of the Group Usage Type.

  • DefaultValuePermanentMembersOption – This is a Boolean value that specifies whether the Permanent Membership Option radio button appears to users running the workflow.

  • DefaultValueRBACMembershipOption – This is a Boolean value that specifies whether the RBAC Membership Policies radio button appears to users running the workflow.

  • DeputyResourceTypeRoleName – Specifies the Access Level granted to group deputies. The default value is “Resource Role Assigner.”

  • GroupAccessLevelNameForRBACMembershipPolicies – Specifies the Access Level for RBAC Membership Policies. The default value is “Group Member.”

  • GroupPurposeTextOne_RestrictedCharacters – Specifies the characters that are removed from GroupPurposeTextOne before the group is created. No delimiters are required. Sample value: _#$

  • GroupPurposeTextTwo_RestrictedCharacters – Specifies the characters that are removed from GroupPurposeTextTwo before the group is created. No delimiters are required. Sample value: _#$

  • ManagementRoleIDsToNotify – This is a comma-separated list of Management Role IDs to be notified via email upon creation of a new group.

  • OwnerResourceTypeRoleName – Specifies the Access Level granted to group owners. The default value is “Resource Role Assigner.”

  • ShowGroupPurposeTextTwo – This is a Boolean value that specifies whether the “Group Purpose Additional Text” field appears to users running the workflow.

  • ShowGroupUsageType – This is a Boolean value that specifies whether the “Group Usage Type” dropdown appears to users running the workflow.

  • ShowIAMShopSettings – This is a Boolean value that specifies whether the “Configure IAM Shop Settings” section appears to users running the workflow.

  • ShowIAMShopSettings_EligibleAssignees – This is a Boolean value that specifies whether the “Eligible Assignees” option appears to users running the workflow.

  • ShowIAMShopSettings_PreApprovedAssignees – This is a Boolean value that specifies whether the “PreApproved Assignees” option appears to users running the workflow.

  • ShowIAMShopSettings_SuggestedAssignees – This is a Boolean value that specifies whether the “Suggested Assignees” option appears to users running the workflow.

  • ShowMembershipOptions – This is a Boolean value that specifies whether the “Membership Options” section appears to users running the workflow.

  • ShowOwnershipOptions_Deputies – This is a Boolean value that specifies whether the “Deputies” dropdown under the “Group Ownership Settings” section appears to users running the workflow.

  • ShowOwnershipOptions_Owners – This is a Boolean value that specifies whether the “Owners” dropdown under the “Group Ownership Settings” section appears to users running the workflow.

  • TeamCreationDelayInMinutes – Specifies the number of minutes the system should wait before creating a Teams group/channel.

  • TeamDelayServerRestriction – This is a Boolean value that specifies whether the delayed instance for creating the Teams group/channel should be picked up on the same server.

To configure workflow parameters, do the following:

  1. On the navbar, expand Low Code/No Code Workflow and select Low Code Workflows.

  2. Select the Workflow tab and search for Onboard Group.

  3. Click the Display Name for the workflow.

  4. On the View One page for the workflow, expand the Request Workflow Parameters accordion and search for the parameter you want to configure.

  5. Click the Edit (blue star) button for the parameter.

  6. Enter the new value in the Value field and click Save.

  7. Repeat the above steps to configure other parameters as needed.

Step 2: Run the workflow

  1. Navigate to the portal for the Resource Admin app in your environment.

  2. In Resource Admin, select Groups and then select the Workflows tab.

  3. Click Onboard Group.

    This opens the Onboard Group wizard workflow. Follow the wizard and fill in the fields of each section of the workflow with the appropriate information for your group. Please note that the sections and fields available may vary depending on the configuration of the workflow parameters.

  4. Under Tenant or Directory, select a tenant or directory location for the new group.

  5. If the directory is an on-premises directory, such as Active Directory, select the appropriate OU for the group.

  6. Click Submit to continue to the Group Information section of the workflow.

  7. Fill in the following fields in the General Information and Membership Options sections.

    • Group Purpose Text: Provide a statement describing the purpose of the group.

    • Group Purpose Additional Text: Include any additional information or details related to the group's purpose.

    • Group Usage Type: Specify the type or category that best represents the intended usage of the group.

    • Group Description: Optionally, provide a description of the group.

    • Do You Want To Add Permanent Members?: Select Yes if you want to add permanent members to the group while onboarding; otherwise, select No.

    • Do You Want To Add RBAC Membership Policies?: Select Yes if you want to add RBAC membership policies to the group; otherwise, select No.

  8. Click Next to continue to the Additional Group Details step of the workflow.

  9. Under Additional Group Details, fill out the necessary details for the group.

  10. Review the summary information for the application and then click Submit.

  11. Click Submit to exit the wizard.
