Configure Eligibility for Computers

Eligibility rules allow you to restrict who can and cannot see and shop for IT resources that you have enabled for the IAM Shop. Users added as eligible assignees for specific resources can shop for those objects in the IAM Shop.

Procedure

  1. On the navbar, expand Privileged Access and select Computers.

  2. Select the Computers tab and search for the computer for which you want to configure eligibility. 

  3. Click the Display Name link for the computer.


    This action opens the View One page for the computer.

     

  4. Click the Eligibility subtab.
    You should see the following two eligibility accordions:

    • Who is Eligible to Request (As Resource) – Allows you to specify who is eligible to request access to the computer and their eligibility type.

    • Who is Excluded from Requesting (As Resource) – Allows you to explicitly specify who is not eligible to shop for the computer

  5. Expand the Who is Eligible to Request (As Resource) accordion and do the following to give users the ability to shop for access to the computer:

    1. Click the Add button in the grid header.

       

    2. Fill in the fields of the Assignment Information pane:

      • Eligibility Type – Select Eligible, PreApproved, or Suggested.

      • Which Type of Assignee for this Policy – Search for and select the EmpowerID actor type for which you are granting eligibility. For example, if you want to grant eligibility to all members of a specific group, you select Group as the assignee type.

      • Select <Assignee> Name to Search – Search for and select the specific assignee eligible for access to the Management Role. The assignee must match the assignee type, or it will not appear when searching. For example, if you select Group as the assignee type, you can only search for groups.

    3. After entering your information, click Save.

       

    4. Repeat the above steps for any other eligibility assignments desired.

    5. Click Submit when ready.

Expected Results

Users granted eligibility to the computer(s) should be able to request access to them in the IAM Shop.