You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Management Roles Needed for Password Management

EmpowerID restricts access to Password Manager operations through the use of Management Roles. To work with Password Management, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for Password Manager is UI-Person-Password-Self-Service. This role grants users access to the user interfaces and workflows for enrolling for self-service password reset and change their own passwords.

  • VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for Password Manager is VIS-Person-Self. All users have this Management Role by default.

  • ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for Password Manager is ACT-Password-Self-Service. This role grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operations.

Roles needed to manage Password Manager policies

To manage Password Manager policies, users need the following Management Role

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Admin-Password-Manager

Grants access to the user interface and workflows for managing Password Manager policies.

Feature Set

Roles needed to enroll for Password Self-Service Reset

To reset their passwords, users need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

ACT-Person-Password-Self-Service

Grants users access to change password, enroll and other password self-service operations.

Activity

UI-Person-Password-Self-Service

Grants access to change password, enroll and other password self-service workflows and user interfaces.

Feature Set

Password-Self-Service User

Grants access to perform password self-service.

Role Bundle – Contains the below Management Roles

  • ACT-Person-MFA-Self-Service

  • ACT-Person-Password-Self-Service

  • UI-Person-Multi-Factor-Authentication-Self-Service

  • UI-Person-Password-Self-Service

  • VIS-Person-Self

Roles needed for Help Desk Password Reset

To reset passwords for users, Help Desk personnel need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Person-Password-Helpdesk

Grants users with the role access to the user interfaces needed to perform assisted password resets and unlocks for people.

Feature Set

UI-Account-Password-Helpdesk

Grants users with the role access to the user interfaces needed to perform assisted password resets and unlocks for user accounts.

Feature Set

ACT-Person-Password-Helpdesk-Partners

Grants users with the role the ability to assist all people in or below partners location by resetting passwords and unlocking accounts.

Activity

ACT-Person-Password-Helpdesk-MyOrg

Grants users with the role the ability to assist people in the person's organization by resetting passwords and unlocking accounts.

Activity

ACT-Person-Password-Helpdesk-MyLocations

Grants users with the role the ability to assist people in the person's locations by resetting passwords and unlocking accounts.

Activity

ACT-Person-Password-Helpdesk-DirectReports

Grants users with the role the ability to assist direct reports by resetting passwords and unlocking accounts.

Activity

ACT-Person-Password-Helpdesk-Customers

Grants users with the role the ability to assist all people in the customers location by resetting passwords and unlocking accounts.

Activity

ACT-Person-Password-Helpdesk-All

Grants users with the role the ability to assist all people by resetting passwords and unlocking accounts.

Activity

ACT-Account-Password-Helpdesk-SAP

Grants users with the role the ability to perform user account password resets and unlocks for all SAP ABAP accounts.

Activity

ACT-Account-Password-Helpdesk-Partners

Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the partners location.

Activity

ACT-Account-Password-Helpdesk-O365

Grants users with the role the ability to perform user account password resets and unlocks for all Office 365 accounts.

Activity

ACT-Account-Password-Helpdesk-MyOrg

Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's organizations.

Activity

ACT-Account-Password-Helpdesk-MyLocations

Grants users with the role the ability to perform user account password resets and unlocks for all accounts in person's locations.

Activity

ACT-Account-Password-Helpdesk-DirectReports

Grants users with the role the ability to perform user account password resets and unlocks for users accounts owned by direct reports.

Activity

ACT-Account-Password-Helpdesk-Customers

Grants users with the role the ability to perform user account password resets and unlocks for all accounts in or below the customers locations.

Activity

ACT-Account-Password-Helpdesk-AWS

Grants users with the role the ability to perform user account password resets and unlocks for all AWS accounts

Activity

ACT-Account-Password-Helpdesk-All

Grants users with the role the ability to perform user account password resets and unlocks for all accounts.

Activity

ACT-Account-Password-Helpdesk-AD

Grants users with the role the ability to perform user account password resets and unlocks for all Active Directory accounts.

Activity

Password Helpdesk for All People

Grants users with the role the ability to perform password helpdesk resets for all people.

Role Bundle – Contains the below Management Roles

  • ACT-Person-Password-Helpdesk-All

  • UI-Person-Password-Helpdesk

  • VIS-Person-All

IN THIS ARTICLE

Â