Each resource object that EmpowerID protects has a View One page associated with it. For groups, this page is the “View One Person Group Page.” This page contains tabs and accordions that provide information about a specific group and gives administrators and other delegated users the ability to manage that group in EmpowerID. The below image shows what a typical View One Group Page looks like to a user with admin access to the group.
...
The View One Group Page contains a number of tabs and accordions that provide information about the specific group being viewed , and access to workflows for managing that group.
Macrosuite divider macro | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The General tab allows users to view general information about a group and manage aspects of that group as needed. The tab contains a number of components to include including informational cards about the group, as well as various accordions that provide authorized users access to workflows for managing the group.
...
Components of the General tab include the following:
Component | Purpose | ||||||||
---|---|---|---|---|---|---|---|---|---|
General Card | Displays general information about the group, such as the group type and the account store
| ||||||||
Flags Card | Displays flags for the group, such as whether the group is published in the IT Shop. Users with appropriate access, can change the state of this flag as needed.
| ||||||||
EmpowerID Attributes Card | Displays EmpowerID attributes for the group. Examples of attributes include Application Role Owners and Application Role Approvers.
| ||||||||
Group Members Accordion | Displays group members, as well as provides access to edit these as needed. | ||||||||
Pre-Approved Just-in-Time Accordion | Displays eligibility types for the group as well as provides access for authorized users to create new eligibility types. In the below image, all members of the Doc in Docs Business Role and Location are preapproved for just-in-time membership in the group. This means members of the Business Role and Location will be granted group membership as soon as they request it in the IT Shop. | ||||||||
Resultant Membership Accordion | Displays all members of the group, including direct and indirect memberships | ||||||||
Access Managers (Owners) Accordion | Displays group owners and provides access to add new owners as well as remove current owners | ||||||||
Actions Accordion | Displays several Workflow tiles that can used to perform actions against the group, such as adding accounts to the group, etc. The actions that appear on this page are contingent on the group type of the group. For example, the “Convert Group Membership to RBAC Assignments” action shown below appears only for Generic group types. | ||||||||
Additional Information Accordion | Provides access to additional information about the group, such as “Who Has Access to this Group”, etc. |
Macrosuite divider macro | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The Advanced tab provides access to various subtabs and cards with additional information about the groups than is displayed on the General tab.
...
Components of the Advanced tab include the following:
Component | Purpose | ||||||||
---|---|---|---|---|---|---|---|---|---|
General Card | Displays general information about the group, such as the group type and the account store
| ||||||||
Flags Card | Displays flags for the group, such as whether the group is published in the IT Shop. | ||||||||
Advanced Options Card | Displays advanced information about the group, such as the Group GUID | ||||||||
Extension Attributes 1-10 Card | Displays extension attributes 1-10 stored in the database for the group, if any | ||||||||
Extension Attributes 11-20 Card | Displays extension attributes 11-20 stored in the database for the group, if any | ||||||||
Membership Tab | Contains several accordions with categorized group membership information | ||||||||
Access Tab | Displays current access by category for the group | ||||||||
Risks Tab | Displays risk-related information for the group, such as any local functions granted to the group | ||||||||
RBAC Tab | Displays categorized RBAC information about the group, such as group membership | ||||||||
Policies Tab | Displays policy-related information for the group, such as any inherited resource entitlements granted to the group | ||||||||
Eligibility Tab | Displays eligibility-related information for the group, such as “Who is Eligible for this Group” | ||||||||
Other Tab | Displays miscellaneous information about the group, such as the search tags linked to it |
Macrosuite divider macro | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The Other Attributes tab provides access to extension and custom attribute information specific to the group and common Actions, such as “Add Accounts to Group.” Please note that the Actions available are contingent on the group type of the group. For example, the “Convert Group Membership to RBAC Assignments” action shown below appears only for Generic group types.
...
Macrosuite divider macro | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The Optimize tab provides quick access to visual dashboards of information related to group memberships, including least privilege and risks stats, as well as allows users with the appropriate access to manage aspects of the group as needed.
...
Components of the Optimize tab include the following:
Component | Purpose |
---|---|
Membership Dashboard | Displays quick view of the number of members in a group, including JIT versus permanent members |
Functional Access Card | Displays any local functions the group has, and the risk level associated with those functions |
Group Members Accordion | Displays current group members and gives authorized users the ability to manage membership |
Pre-Approved Just-in-Time Members Accordion | Displays assignees who are pre-approved for group membership. Pre-approved assignees are automatically granted membership when requesting it from the IT Shop. In the below image, the pre-approved assignee is a Business Role and Location. This means that all members of the Business Role and Location are pre-approved. |
Assignments Granting Membership in Group Accordion | Displays group members and information about the origin of the group membership |
Membership Changes Accordion | Displays changes in group membership |
Resultant Members Accordion | Displays all members of the group, including direct and indirect members |
Direct Mapped Local Functions Accordion | Displays all local functions mapped directly to the group and gives authorized users the ability to manage the functions mapped to a group |
Function Access Report Accordion | Displays information about any functions the group has access to, including direct and indirect function access |
Violations Accordion | Displays violations of organizational risk policies for the group, if any |
Rules Accordion | Displays Risk rules associated with the group, if any |
Recertification Items Accordion | Displays recertification items for the group, if any |
Actions Accordion | Displays a list of workflow tiles that can be used to perform common actions against the group, such as adding accounts to the group |
Macrosuite hidden content macro | ||||||
---|---|---|---|---|---|---|
|
...