Management Roles Needed for Password Management

In EmpowerID, you can control access to Password Manager operations by assigning users to specific Management Roles. To work with Password Management, users must have the appropriate role assigned to them. Management Roles in EmpowerID have prefixes that indicate their function, such as UI, VIS, and ACT for Password Manager.

UI Management Roles grant users access to specific elements within EmpowerID's web interface. For instance, the UI-Person-Password-Self-Service role allows users to access the self-service password reset enrollment interface and change their own passwords.

VIS Management Roles enable users to view specific objects within EmpowerID. By default, every user has the VIS-Person-Self role for Password Manager.

ACT Management Roles provide users with the ability to manage specific objects within EmpowerID. For example, a Password Manager ACT role might allow users to reset passwords or unlock accounts for others.

By understanding these Management Role types, organizations can effectively manage user access to Password Manager operations in EmpowerID.

Roles needed to manage Password Manager policies

To manage Password Manager policies, users need the following role:

  • UI-Admin-Password-Manager: This grants access to the user interface and workflows for managing Password Manager policies.

Roles needed to enroll for Password Self-Service Reset

To reset their passwords, users need a combination of the following Management Roles:

  • ACT-Person-Password-Self-Service: This role enables users to change passwords, enroll, and perform other self-service operations.

  • UI-Person-Password-Self-Service: This role provides access to workflows and user interfaces for password changes, enrollment, and other self-service operations.

  • Password-Self-Service User: This role grants access to perform password self-service and includes the following roles: ACT-Person-MFA-Self-Service, ACT-Person-Password-Self-Service, UI-Person-Multi-Factor-Authentication-Self-Service, UI-Person-Password-Self-Service, and VIS-Person-Self.

Roles needed for Help Desk Password Reset

Help Desk personnel need a combination of the following Management Roles to reset users' passwords:

  • UI-Person-Password-Helpdesk: Provides access to user interfaces necessary for assisted password resets and account unlocks.

  • UI-Account-Password-Helpdesk: Allows access to user interfaces needed for assisted password resets and account unlocks for user accounts.

  • ACT-Person-Password-Helpdesk-* roles (like -Partners, -MyOrg, -MyLocations, -DirectReports, -Customers, -All): These roles give the ability to assist different groups of people within the specified scope by resetting passwords and unlocking accounts.

  • ACT-Account-Password-Helpdesk-* roles (like -SAP, -Partners, -O365, -MyOrg, -MyLocations, -DirectReports, -Customers, -AWS, -All, -AD): These roles provide the ability to perform password resets and account unlocks within the specified scope for various groups of user accounts.

  • Password Helpdesk for All People: This role grants the ability to perform password helpdesk resets for all people and contains the following roles: ACT-Person-Password-Helpdesk-All, UI-Person-Password-Helpdesk, and VIS-Person-All.
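The following is an added example, not EmpowerID code and not an EmpowerID export format or API. It expands the two bundle roles described above into their component roles and flags assignments a reviewer would want to check. The sample people, the input layout, and the two review rules (any "-All" helpdesk scope, and helpdesk reset held together with UI-Admin-Password-Manager) are assumptions of this example.

```python
# Added example: constructed data, not an EmpowerID export or API.
# Bundle membership is taken from the role descriptions on this page.
BUNDLES = {
    "Password-Self-Service User": {
        "ACT-Person-MFA-Self-Service",
        "ACT-Person-Password-Self-Service",
        "UI-Person-Multi-Factor-Authentication-Self-Service",
        "UI-Person-Password-Self-Service",
        "VIS-Person-Self",
    },
    "Password Helpdesk for All People": {
        "ACT-Person-Password-Helpdesk-All",
        "UI-Person-Password-Helpdesk",
        "VIS-Person-All",
    },
}
HELPDESK_ACT = ("ACT-Person-Password-Helpdesk-", "ACT-Account-Password-Helpdesk-")
POLICY_ADMIN = "UI-Admin-Password-Manager"

def effective_roles(assigned):
    """Expand bundle roles into the component roles they contain."""
    roles = set()
    for role in assigned:
        roles |= BUNDLES.get(role, {role})
    return roles

def review(assignments):
    """Return {person: [findings]} for assignments worth a manual look."""
    findings = {}
    for person, assigned in assignments.items():
        roles = effective_roles(assigned)
        helpdesk = sorted(r for r in roles if r.startswith(HELPDESK_ACT))
        # Assumed rule 1: an "-All" scope lets the holder reset anyone's password.
        notes = [f"unscoped helpdesk reset: {r}" for r in helpdesk if r.endswith("-All")]
        # Assumed rule 2: reset rights plus policy administration in one person.
        if helpdesk and POLICY_ADMIN in roles:
            notes.append("helpdesk reset combined with policy administration")
        if notes:
            findings[person] = notes
    return findings

# Constructed sample assignments (hypothetical people).
SAMPLE = {
    "alice": ["Password-Self-Service User"],
    "bob": ["UI-Person-Password-Helpdesk", "ACT-Person-Password-Helpdesk-DirectReports"],
    "carol": ["Password Helpdesk for All People"],
    "dave": ["ACT-Account-Password-Helpdesk-AD", "UI-Account-Password-Helpdesk", POLICY_ADMIN],
}
```

Calling review(SAMPLE) reports carol, whose bundle role carries the "-All" scope, and dave, who holds both helpdesk reset and policy administration; alice and bob produce no findings.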
