What is bithright access?
2 types - provisioning and access/membership
EmpowerID supports automated provisioning and deprovisioning of birthright account identities in external target directories and applications through the configuration of provisioning policies. These policies can be assigned or scoped using any RBAC assignment point such as Business Role and Location, Query Based Collection, or Management Role membership.
AD/LDAP Account Creation Location Logic
When provisioning users automatically via provisioning policies into AD or LDAP directories, EmpowerID must determine into which OU a person’s account should be provisioned. The default logic is to follow the RBAC mapping for the Location portion of a Person’s Business Role and Location to create the account in the Account Store OU mapped to that EmpowerID Location. In some cases, this default logic is not desired and a custom rule should be implemented. For these cases, EmpowerID allows the creation of a plugin in Workflow Studio to handle this unique RET AD/LDAP Account Creation Location logic.Birthright access is a term used to define a Person’s initial access to IT systems based upon their role in the organization. It is the access they automatically receive by policy without generating any access requests. EmpowerID divides this access into two types: Provisioning Policies, which define the new objects that should be automatically created for a Person; and Access Assignments, which are the policies used to add the Person’s user accounts to groups, application roles, or permissions.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|