You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Role-Based Group Memberships
EmpowerID allows you to dynamically assign users to groups using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections and other groups. This topic demonstrates this by creating a dynamic group membership for anyone assigned to a specific Business Role and Location. In this way, any person who belongs to the Business Role and Location is automatically added to the group as a member.
This topic demonstrates how to create a dynamic group membership and is divided into the following activities:
To create role-based group memberships
- In the navigation sidebar, expand Identity Administration and click Manage Delegations.
- On the Actor Delegations tab (selected by default), from the drop-down list, select an actor type. In our example, we select Business Role and Location.
Search for and select a business role from the Business Role tree and then search for and select a location from the Location tree. In our example, we select the Regional Finance business role and the Ohio location. In this way, any person who is in regional finance in or below the Ohio location is dynamically added to the target group as a member.
Please note that the people must in the Business Role and Location must have user accounts linked to their Person in order to be added to the group.
- In the Assignment Type drop-down, leave the default value of Direct.
- On the Assignments grid, click the Add Assignments (+) button.
- In the dialog that appears, do the following:
- Set the Resource Type to Group (Generic).
- In the Enter a Group (Generic) Name to Search field, type the name of the group for which to create dynamic membership and then click the tile for that group. In our example, we select the AWSAdmins group.
- Set the Access Level to Member.
- Optionally, select Time Constrained to add a time constraint to the Access Level assignment so the assignment is only effective during the specified time period or on specified days.
- Click Save to add the policy to your shopping cart.
- Click the Shopping Cart icon, type a reason for the assignment and then click Submit.
To verify the group membership in EmpowerID
- In the navigation sidebar, expand Identity Administration and click Groups.
- Search for the Group for which you created the dynamic membership and then click the Logon Name link for that group.
Expand the Group Members accordion to see the user accounts added to the group.
To verify the group membership in Active Directory
- Open Active Directory Users and Computers and search for the group you targeted for dynamic group membership.
- Open the Properties window for the group and click the Members tab to see the user accounts added to the group as members.