EmpowerID allows you to dynamically assign users to groups using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections and other groups. This topic demonstrates this by creating a dynamic group membership for anyone assigned to a specific Business Role and Location. In this way, any person who belongs to the Business Role and Location is automatically added to the group as a member.

This topic demonstrates how to create a dynamic group membership and is divided into the following activities:


Prerequisites:

In order to create a dynamic group membership as described by this topic, the following prerequisites must be met:

  • EmpowerID must be connected to Active Directory. For a detailed walkthrough describing how to connect EmpowerID to Active Directory, see Connecting to Active Directory.
  • Group Membership Reconciliation must be enabled for the account store with the groups.
  • One server must be configured with either the All-in-One Server server role (for smaller environments running only one EmpowerID server) or the Application Server server role. For information on configuring server roles, see the Getting Started with Directory Systems topic under Connecting to Directory Systems.
  • The group for which you are creating a dynamic group membership must exist in EmpowerID.
  • The Business Role and Location or other EmpowerID actor type being targeted for dynamic group membership must exist in EmpowerID.
  • Additionally, to verify group membership, users must belong to the Business Role and Location or other EmpowerID actor type targeted for dynamic group membership.


To create dynamic group memberships

  1. In the navigation sidebar, expand Identities and click Manage Delegations.
  2. On the Actor Delegations tab (selected by default), select an actor type from the drop-down list. In our example, select Business Role and Location.

  3. Search for and select a business role from the Business Role tree and then search for and select a location from the Location tree. In our example, select the Regional Finance business role and the Ohio location. In this way, any person in regional finance in or below the Ohio location is dynamically added to the target group as a member.

    Info

    Please note that the people in the Business Role and Location must have user accounts linked to their Person in order to be added to the group.

  4. In the Assignment Type drop-down, leave the default value of Direct.
  5. On the Assignments grid, click the Add Assignments (+) button.

  6. In the Grant Access dialog that appears, do the following:
    1. Set the Resource Type to Group (Generic).
    2. In the Enter a Group (Generic) Name to Search field, type the name of the group for which to create dynamic membership and then click the tile for that group. In our example, select the AWSAdmins group.
    3. Set the Access Level to Member.
    4. Optionally, select Time Constrained if you want to add a time constraint to the assignment so the assignment is only effective during the specified time period or on specified days.
    5. Click Save to add the policy to your shopping cart.


  7. Click the Shopping Cart icon, type a reason for the assignment and then click Submit.


     

To verify the group membership in EmpowerID

  1. In the navigation sidebar, expand Identities and click Groups.
  2. Search for the group for which you created the dynamic membership and then click the Name link for that group.
  3. Expand the Group Members accordion to see that the user accounts have been added to the group.

    Tip

    If you have an email account that is registered with EmpowerID, you can email the contents of this grid to your email account by clicking on the Email icon.



To verify the group membership in Active Directory

  1. Open Active Directory Users and Computers and search for the group you targeted for dynamic group membership.
  2. Open the Properties window for the group and click the Members tab to see that the appropriate user accounts have been added to the group as members.
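
The same Active Directory check can be scripted so that accounts missing from the group, and accounts that should not be in it, are both reported. This is an added example, not part of the EmpowerID documentation or product. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, uses the AWSAdmins group from the walkthrough, and uses constructed account names in place of the real list of people in the Business Role and Location.

```powershell
# Added example: read-only audit of an AD group populated by a dynamic membership.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Compare-GroupMembership {
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [string[]] $ExpectedSam
    )

    # Direct members only: the delegation adds user accounts to the group itself.
    $actual = @(Get-ADGroupMember -Identity $GroupName |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName)

    # -notin is case-insensitive, which matches how AD treats sAMAccountName.
    $missing    = @($ExpectedSam | Where-Object { $_ -notin $actual })
    $unexpected = @($actual      | Where-Object { $_ -notin $ExpectedSam })

    [pscustomobject]@{
        Group      = $GroupName
        Actual     = $actual.Count
        Missing    = $missing      # expected by the role, not yet in the group
        Unexpected = $unexpected   # in the group, not explained by the role
        InSync     = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

# Constructed sample: logon names of the people expected in the
# Business Role and Location. Replace with your own list.
$expected = @('jdoe', 'asmith', 'mbrown')

$result = Compare-GroupMembership -GroupName 'AWSAdmins' -ExpectedSam $expected
$result | Format-List

if (-not $result.InSync) {
    Write-Warning "Membership of $($result.Group) differs from the expected list."
}
```

Accounts listed under Unexpected are worth reviewing first, since they hold the group's access without a matching role assignment in the expected list.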


Related Content

Concepts

Understanding Inventory

Understanding the Account Inbox

Understanding Projection and Enforcement


Tasks

Creating User Accounts

Editing Account Attributes

Creating Groups

Adding Accounts to Groups

Adding Groups to Groups

Adding Groups to Roles

Importing Users and Groups

Removing Accounts from Groups

Removing Groups from Groups

Deleting User Accounts

Restoring Deleted User Accounts

Deleting Groups

Restoring Deleting Groups


...