Versions Compared

Old Version 4

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. On the navbar, expand Privileged Access and select Computers.

  2. Select the Computers tab and then search for the computer for which you want to configure eligibility for

  3. Click the Display Name link for the computer.


    This action opens the View One page for the computer. View One pages are designed to facilitate the viewing and management of the corresponding objects in EmpowerID.

  4. Click the Eligibility subtab.
    You should see the following two eligibility accordions:

    • Who is Eligible to Request (As Resource) – Allows you to specify who is eligible to request access to the computer , as well as and their eligibility type.

    • Who is Excluded from Requesting (As Resource) – Allows you to explicitly specify who is not eligible to shop for the computer

  5. Expand the Who is Eligible to Request (As Resource) accordion and do the following to give users the ability to shop for access to the computer:

    1. Click the Add button in the grid header.

    2. Fill in the fields of the Assignment Information pane:

      • Eligibility Type – Select Eligible, PreApproved,or Suggested.

      • Which Type of Assignee for this Policy – Search for and select the EmpowerID actor type for which you are granting eligibility. For example, if you want to grant eligibility to all members of a specific group, you select Group as the assignee type.

      • Select <Assignee> Name to Search – Search for and select the specific assignee eligible for access to the Management Role. The assignee must match the assignee type, or it will not appear when searching. For example, if you select Group as the assignee type, you can only search for groups.

    3. After entering your information, click Save.

    4. Repeat the above steps for any other eligibility assignments desired.

    5. Click Submit when ready.

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

...

IAM Shop Assignees is an optional feature that you can implement to give eligible users the ability to request specific permissions, known as “IAM Shop Permission Levels,” for computers in the IAM Shop. Out-of-the-box options for computers include Local Admin and Domain Admin; however, you can create your own as needed. When users are added as IAM Shop Assignees for the computer, they can select the permission level(s) when requesting access.

Info

If you wish to display to users additional options beyond the out-of-the-box IAM Shop Permission Levels, you can do so by creating your own and linking them to the computer resource type. For information, see Creating IAM Shop Permission Levels.

  1. From the View One page for the computer, click the RBAC subtab and expand IAM Shop Assignees for Requesting Access.

  2. Click the Add New (blue star) button.

    Image Removed

  3. Under General, select the IAM Shop Permission Level you want to assign.

    Image Removed

  4. Under Assignee Granting the Permission Level, do the following:

    1. Select the assignee type from the Which Type of Assignee For This Policy dropdown.

    2. Select the appropriate assignee from the Select <Assignee> To Receive Policy dropdown.

      Image Removed

  5. Click Save.

    Image Removed

  6. Repeat to add other assignees as needed.

  7. Click Submit to complete the process.

    Image Removed

Expected Results

EmpowerID assigns the specified target to the IAM Shop permission level. These assignments can be viewed in the IAM Shop Assignments accordion under the RBAC subtab.

...