Users of Identity and Access Management (IAM) generally belong to at least one IAM group or role in order to follow IAM security best practices. A collection of IAM users is referred to as an IAM user group.
Membership – EmpowerID allows dynamic assignment of users to a group’s membership or role using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections, and other groups or roles.
For Example, we can create a dynamic group membership for anyone assigned to a specific Business Role and Location. Thus, any person who belongs to that Business Role and Location is automatically added to the group or role as a member.
Permissions – permissions are nothing but rights to do certain things in the system. User groups or roles allow you to specify permissions for many users, making it easier to manage those users' permissions.
Membership and permissions are configured for birthright access by EmpowerID using four simple steps as depicted in the image below:
Grant Who – which users to grant the access.
Which Type of access – which type of access to be granted.
Where: Select Resources or a Location – which resources or location the user will get access to.
Why & for How Long – for how long the access will be granted.
Key Takeaways:
EmpowerID allows dynamic assignment of users to a group’s membership using role-based delegations.
Permissions are nothing but rights to do certain things in the system.
Membership and permissions can be configured for birthright access by EmpowerID.