If your organization has partners that access your system to manage the IT resources you have allocated to them, you can quickly set up your environment to manage those partners using the built-in partner roles and locations.
This topic demonstrates how to manage partner delegations by creating a fictitious partner named "Hendriks Hardware." We then create a test partner admin and a test partner user and log in to EmpowerID as those users. The purpose of this is to test the delegations. You can follow along, creating these test partners or supplying your own.
If the environment has been correctly configured, the partner admins should only be able to see their own locations; they should not be able to see your IT infrastructure or that of any of your other partners. The partner admins should also be able to manage their partner users without your intervention.
Step 1 – Create a partner location
1. On the navbar, expand Role Management and click Business Roles and Locations.
2. Select the Actions tab and then click Create Location. This opens the Location Details form.
3. Do the following in the form:
   - Name – Name of the partner location. It is recommended that the name match the partner organization.
   - Display Name – Name of the partner location for users to see in the EmpowerID UI.
   - Description – Short characterization of the location.
   - Tick Is Assignable so that the option is enabled.
   - Underneath Parent ID, click the X to delete the EmpowerID System location and then click the Select a Location link to open the Location Selector.
   - Search for and select Partners.
   - Select Organization - Security Container as the Location Type.
4. Leave the other fields as is and click Save to create the Location.
5. Repeat the above steps to create locations for each of your remaining partners.
Step 2 – Create a test partner admin
1. On the navbar, expand Identity Administration and click People.
2. Click the Onboard Person action to initiate the Onboard Person workflow.
3. Select Simple Mode as the Person Creation Mode and click Next to proceed to the Person Details step of the workflow.
4. Enter a First Name and Last Name for the partner admin.
5. Enter Email and Personal Email addresses for the partner admin.
6. Underneath Primary Business Role and Location, click the Select a Role and Location link to open the Business Role and Location (BRL) Selector.
7. From the Business Role pane of the BRL Selector, search for and select Partner Admin.
8. Click Location to show the Location pane of the BRL Selector.
9. From the Location pane, search for and select one of the partner locations you created above, and then click Select.
10. Click Next to proceed to the Additional Information section of the workflow.
11. Review the summary information and click Submit.
12. Repeat the above steps to create additional test partner admins as needed.
13. Reset the passwords for each of your test partner admins. For information on resetting passwords, see Reset Passwords.
Step 3 – Create a test partner user
1. On the navbar, expand Identity Administration and click People.
2. Click the Create Identity action. This opens the Create Identity form.
3. Fill in the following required fields and click Save.
Field | Description | Example |
---|---|---|
First Name | First name of the user | Frank |
Last Name | Last name of the user | Emu |
Login | EmpowerID login for the user | frank.emu |
Primary Role and Location | Business Role and Location for the user. For partners, the Business Role is Partners and the location is the location for the partner organization. | Partner in Hendriks Hardware |
4. Repeat the above steps to create additional test partner users as needed.
5. Reset the passwords for each of your test partner users. For information on resetting passwords, see Reset Passwords.
Step 4 – Test the partner delegations
1. Log out of the EmpowerID Web application and log back in as a partner user.
2. Expand the nodes in the Navigation Sidebar. You should see that you have few options and cannot even view other people in your organization.
3. If prompted to protect access to your identity, select None.
4. Click the Global Search drop-down at the top of the page. You should only see search options for People.
5. Search for people by clicking in the Global Search field and pressing ENTER. You should only see the people in the partner organization.
6. View the navbar. You should see the navigation items:
Navigation Item | Purpose |
---|---|
Dashboards | View personal home dashboard |
Password Management | Access to the following features: |
My Identity | Directs the user to the My Identity app |
IAM Shop | Directs the user to the IAM Shop app |
Business Requests and Tasks | Directs the user to the My Tasks app |
Identity Administration | Directs the user to the Resource Admin app |
Step 5 – Test the partner admin delegations
1. Log out of the EmpowerID Web application and log back in as a partner admin.
2. If prompted to protect access to your identity, select None. You should see the same navigation and search options as the partner user, with the exception that you can access the Find People page from the navbar.
3. From the navbar, expand Identity Administration and click People. You should see that you have access to the actions shown below.
Optional exercises
Repeat the above steps, creating as many partner users and partner admins as desired. Your test results should be consistent across the board.
In a non-production environment, do the following to have EmpowerID automatically provision user accounts for the partners:
1. As an administrator, create test OUs for the partner locations you created above. For a general example on creating OUs, see Create Organizational Units.
2. Map those locations to the appropriate OUs. For a general example on mapping locations to OUs, see Role and Location Mapper.
3. Create a Provisioning Policy that provisions an Active Directory user account in the appropriate OU for each person assigned to the Partner in Partners Business Role and Location. This policy will provision an AD Account for all partner and partner admins in any location under the Partners location. For a general example, see Active Directory User Account Provisioning Policies.
4. Log in to the Web application as one of the partner admins and search for user accounts. You should see one user account for each partner you created.
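The isolation that the test logins are meant to confirm, and the "any location under the Partners location" scope of the provisioning policy, can be reasoned about with a small model. This is an added example, not EmpowerID code or its API: the location tree, the function names, the sample identities (including a second partner, "Acme Anvils") and the treatment of both partner roles as policy targets are assumptions made for illustration.

```python
PARENT = {   # constructed model, not EmpowerID code or its API: child -> parent
    "Partners": "Root",
    "Hendriks Hardware": "Partners",
    "Acme Anvils": "Partners",    # second partner, constructed for the check
    "Corporate IT": "Root",       # stands in for the host's own infrastructure
}
PARTNER_ROLES = {"Partner", "Partner Admin"}   # assumed: the policy covers both
PEOPLE = [                        # constructed sample identities
    {"login": "frank.emu", "role": "Partner", "location": "Hendriks Hardware"},
    {"login": "hh.admin", "role": "Partner Admin", "location": "Hendriks Hardware"},
    {"login": "acme.user", "role": "Partner", "location": "Acme Anvils"},
    {"login": "it.ops", "role": "IT Staff", "location": "Corporate IT"},
]

def in_subtree(location, top):
    """True if `location` is `top` or lies anywhere beneath it."""
    while location is not None and location != top:
        location = PARENT.get(location)
    return location is not None

def visible_people(viewer, people):
    """Partner roles see only people in their own location subtree."""
    if viewer["role"] not in PARTNER_ROLES:
        return []                 # other roles are outside this model
    return sorted(p["login"] for p in people
                  if in_subtree(p["location"], viewer["location"]))

def can_manage(viewer, target):
    """Only a Partner Admin manages people, and only inside its own subtree."""
    return (viewer["role"] == "Partner Admin"
            and in_subtree(target["location"], viewer["location"]))

def policy_targets(people, top="Partners"):
    """Logins covered by a policy scoped to a partner role in `top`."""
    return sorted(p["login"] for p in people
                  if p["role"] in PARTNER_ROLES and in_subtree(p["location"], top))

def partner_of(location):
    """The location directly under Partners that contains `location`, else None."""
    while location is not None and PARENT.get(location) != "Partners":
        location = PARENT.get(location)
    return location

def isolation_violations(people):
    """(viewer, seen) pairs where a partner account sees outside its own partner."""
    by_login = {p["login"]: p for p in people}
    return [(v["login"], seen) for v in people if v["role"] in PARTNER_ROLES
            for seen in visible_people(v, people)
            if partner_of(by_login[seen]["location"]) != partner_of(v["location"])]
```

In this model, a Partner Admin placed at the Partners parent rather than at a partner's own location is reported by `isolation_violations`; that placement is the first thing to check when a test login sees more people than expected.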