You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Access to Password Management Features
- Phillip Hanegan
EmpowerID restricts access to Password Manager operations through the use of Management Roles. To work with Password Management, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for Password Manager is UI-Person-Password-Self-Service. This role grants users access to the user interfaces and workflows for enrolling for self-service password reset and change their own passwords.
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for Password Manager is VIS-Person-Self. All users have this Management Role by default.
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for Password Manager is ACT-Password-Self-Service. This role grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operations.
Roles needed to manage Password Manager policies
To manage Password Manager policies, users need the following Management Role
Management Role | Access Granted by Management Role | Role Type |
|---|---|---|
UI-Admin-Password-Manager | Grants access to the user interface and workflows for managing Password Manager policies. | Feature Set |
Roles needed to enroll for Password Self-Service Reset
To reset their passwords, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
|---|---|---|
ACT-Person-Password-Self-Service | Grants users access to change password, enroll and other password self-service operations. | Activity |
UI-Person-Password-Self-Service | Grants access to change password, enroll and other password self-service workflows and user interfaces. | Feature Set |
Password-Self-Service User | Grants access to perform password self-service. | Role Bundle – Contains the below Management Roles
|
Roles needed for Help Desk Password Reset
To reset passwords for users, Help Desk personnel need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
|---|---|---|
UI-Person-Password-Helpdesk | Grants users with the role access to the user interfaces needed to perform assisted password resets and unlocks for people. | Feature Set |
UI-Account-Password-Helpdesk | Grants users with the role access to the user interfaces needed to perform assisted password resets and unlocks for user accounts. | Feature Set |
ACT-Person-Password-Helpdesk-Partners | Grants users with the role the ability to assist all people in or below partners location by resetting passwords and unlocking accounts. | Activity |
ACT-Person-Password-Helpdesk-MyOrg | Grants users with the role the ability to assist people in the person's organization by resetting passwords and unlocking accounts. | Activity |
ACT-Person-Password-Helpdesk-MyLocations | Grants users with the role the ability to assist people in the person's locations by resetting passwords and unlocking accounts. | Activity |
ACT-Person-Password-Helpdesk-DirectReports | Grants users with the role the ability to assist direct reports by resetting passwords and unlocking accounts. | Activity |
ACT-Person-Password-Helpdesk-Customers | Grants users with the role the ability to assist all people in the customers location by resetting passwords and unlocking accounts. | Activity |
ACT-Person-Password-Helpdesk-All | Grants users with the role the ability to assist all people by resetting passwords and unlocking accounts. | Activity |
ACT-Account-Password-Helpdesk-SAP | Grants users with the role the ability to perform user account password resets and unlocks for all SAP ABAP accounts. | Activity |
ACT-Account-Password-Helpdesk-Partners | Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the partners location. | Activity |
ACT-Account-Password-Helpdesk-O365 | Grants users with the role the ability to perform user account password resets and unlocks for all Office 365 accounts. | Activity |
ACT-Account-Password-Helpdesk-MyOrg | Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's organizations. | Activity |
ACT-Account-Password-Helpdesk-MyLocations | Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's locations. | Activity |
ACT-Account-Password-Helpdesk-DirectReports | Grants users with the role the ability to perform user account password resets and unlocks for users accounts owned by direct reports. | Activity |
ACT-Account-Password-Helpdesk-Customers | Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the customers locations. | Activity |
ACT-Account-Password-Helpdesk-AWS | Grants users with the role the ability to perform user account password resets and unlocks for all AWS accounts | Activity |
ACT-Account-Password-Helpdesk-All | Grants users with the role the ability to perform user account password resets and unlocks for all accounts. | Activity |
ACT-Account-Password-Helpdesk-AD | Grants users with the role the ability to perform user account password resets and unlocks for all Active Directory accounts. | Activity |
Password Helpdesk for All People | Grants users with the role the ability to perform password helpdesk resets for all people. | Role Bundle – Contains the below Management Roles
|
IN THIS ARTICLE
Â