You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Map Rights to Local Functions

Once a Local Function is created and linked to a Global Function, the next step is to map rights and roles from external systems to the Local Function. This action is essential for providing a clear understanding of user permissions within the external system associated with the Functions.

This article details how to establish a Right Mapping policy for a Local Function and illustrates the procedure for mapping rights to the policy.

Procedure

Step 1 – Create a Right Mapping Policy

  1. On the navbar, expand Compliance and click Risk Management.

    • This directs you to the Risk Management page.

      image-20240119-204216.png

       

  2. On the Risk Management page, locate and select the Local Functions tab.

  3. Search for the local function you wish to map.

  4. Click the Name link for the desired local function.

    image-20240119-204638.png

     

    • This opens the View One page, where you can view and manage the function.

       

  5. On the View One page, select the Function Mappings tab.

  6. Expand the Right Mapping Policies accordion and click the Add button.

     

  7. In the dialog that appears, enter the following information and click Save.

    • Name: Enter a name for the Right Mapping Policy.

    • Display Name: Enter a user-friendly display name for the Right Mapping Policy.

    • Is Enabled: Select to enable compilation of the Right mapping policy.

  8. Click Save to create the Right Mapping policy.

     

Step 2 – Map rights to the policy

  1. In the Right Mapping Policies accordion, click the Name link for the policy to which you want to map rights.


    This opens the View One page for the Local Function Policy. From this page, you can add rights to the policy.

     

  2. Expand the Rights and Field Types Mapped to Function accordion and click the Add [+] button.

     

  3. In the Right field, search for and select the right within the managed resource system you want to add to the policy. In the below example, we select microsoft.directory/groups/createasowner right for a specific Azure tenant. In this way, the function only returns users with that right in that system.

     

  4. Click Save.