You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Preapprove People To Group

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

To pre-approve a person or people to a group, using the PBAC membership policy, we need to follow the below steps

  1. Add a PBAC attribute to a person - PBAC field type or an attribute is a connector used to connect an EmpowerID actor like a person to a PBAC membership policy target such as a group.

  2. Create a PBAC membership policy (of the type pre-approve) for a group - It is required to create a PBAC membership policy so that we can use it for a target type( e.g., a Group).

  3. Add the same PBAC attribute to the policy - PBAC field type or attribute should be added to a PBAC membership policy, for connecting it to an EmpowerID actor.

  4. Wait for policy compilation and verify the result - Once the policy is compiled the person will be pre-approved as the group member.

Add a PBAC field Type or Attribute to a Person

  1. On the navbar, expand Identity Administration and select People.

  2. Search for a person to whom you want to add a PBAC field Type.

  3. Click on the person’s EmpowerID login link to open the view-one page for the person

     

  4. Click on the PBAC attribute assignment on the left menu. After that click on the + icon to add a PBAC attribute. Select the radio button Attribute Only, search for the name of the attribute and select the two check boxes for values of attribute (sales and Software). Click Save.

     

  5. This will add this attribute to the person.


Create a PBAC membership policy (type preapproved) for a group

PBAC Membership policies can be created on the view one page of the roles, groups, and collections that are the target of the policy. In the below example, we demonstrate how to create a policy of type eligible using the view-one page of a group that is the target of the policy.

  1. On the navbar, expand Identity Administration and select Groups.

  2. Search for a group name.

     

  3. Click on the group logon name hyperlink to open the group’s view-one page.

     

  4. Select the Advanced tab and scroll down to select Attribute-Based Membership Policies.

     

  5. Click on the + icon in the above image to create a new membership policy for this group. The below page will open. Enter the name of the policy, select the policy type as “pre-approved”. Check the IsEnable check box. Select the minute interval with 15 min and click on Save.

  6. This will create the PBAC membership policy and queue it for compilation.

Add a PBAC Attribute to a PBAC Membership Policy

You can add a PBAC attribute to an existing PBAC membership policy. In the previous step, we created a PBAC membership policy for a group. In this post, we are going to add the attribute to that PBAC membership policy. Therefore let us follow the below steps.

  1. On the navbar, expand Identity Administration and select Groups.

  2. Search for the group name.

  3. Scroll down. Under the Membership tab, select Attribute-Based Membership Policies and you can see the PBAC Membership policies attached to this group.

  4. Click on the Name link of the PBAC Membership policy you want to add an attribute to. This will open the view-one page of this PBAC membership policy. Select the Attribute Conditions (Field Types) link

     

  5. Click on the + icon to add an attribute to this policy that you added to the person earlier. Search for the name of the PBAC membership policy and select it. Select the two values ( sales and software) check boxes. Select the checkbox If matches all values. Click Save.

     

  6. The attribute is now added to the PBAC membership policy type.

     

  • No labels