
Create Claims Mapping Policy


EmpowerID provides a wizard, "Create Azure Claims Mapping Policy," for creating a new claims mapping policy for the Azure app in the system. The wizard takes you through the steps of adding the claims mapping, assigning owners, adding default assignees, and configuring how it will appear in the IT shop. Follow the instructions below to complete the process.

To create an Azure claims mapping policy, the user must be either a resource admin or the owner of the resource. The workflow is therefore available only to users who meet this requirement.

  1. Log in to EmpowerID.

  2. Choose the Applications context from the dropdown menu and then select Claims Mapping Policy.

  3. To start the Create Azure Claims Mapping Policy workflow, click the Workflows tab and select the workflow's link. The workflow begins once you click the link.

  4. The Create Azure Claims Mapping Policy wizard workflow opens. Follow the step-by-step guide and provide the necessary details for the Management Role in each section. Click "Next" after completing each step.

    • Select the Type of Role – Choose the type of management role you would like to onboard.

    • Friendly Name for Your Role – Provide a user-friendly label that appears in the application's user interface representing the Management Role.

    • Please Write a Role Description – Input a brief explanation of the Management Role.


    • Name – Provide a unique and descriptive identifier for the Management Role.

    • Display Name – Provide a user-friendly label that appears in the application's user interface representing the Management Role.

    • Management Role Type - Choose the appropriate management role type.

    • Management Role Definition - Select the management role definition for the management role.

    • Email - Provide the email for the management role.

    • Select a Location - Select a location in EmpowerID for the application. This location is for RBAC delegation only. If there is a location selected by default and you wish to change it, click the link for the location and then search for and select the desired location from the Location tree.

    • Description - Provide a brief explanation of the Management Role.

    • Responsible Party – Search for and select the responsible party for the management role.

    • Owners – Search for and select the role owner. You can assign multiple people as owners.

    • Deputies – Search for and select one or more management role deputies.


    • Set Requestable Setting – If you choose to enable the management role in the IAM Shop, the settings below will become applicable.

    • Select Access Request Policy – Choose the Access Request policy to apply in handling requests for the management role.

    • Select Assignees – Search for and select eligible users for the management role. Users must have one of the eligibility assignments below to view the management role in the IAM Shop.

      • Eligible Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role, and Location), then search for and select the specific assignees eligible for the management role.

      • Preapproved Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role, and Location), then search for and select the specific assignees pre-approved for the management role.

      • Suggested Assignees – Choose the type (Person, Group, SetGroup, Management Role, Business Role, and Location), then search for and select the specific assignees suggested for the management role.

    When you create a new management role, you have the option to include other management roles. These selected roles will automatically be added to the newly created management role.

    You can add existing groups as members of the management role you are creating. Once the management role is created, the groups you select will be added to the management role by default.

    • Type the name of the group and click Search.

    • Select the group(s) to add as members of the management role.

    Furthermore, you can include individuals as members of the management role you are establishing. After the Group is created, the individuals you selected will automatically be added to the management role.

    • Enter the name of the person you are searching for in the designated search box.

    • Click the search button to display a list of individuals matching your criteria.

    • To choose someone, mark the checkbox next to their name. You can repeat this process to add more people to your selection. The number of people you've chosen will be shown in the "selected" label.

    Before proceeding, it is recommended that you review the summary information. For your convenience, the summary is organized into multiple tabs, allowing you to verify that the correct inputs have been provided to create the necessary management roles.



  5. Click the "Submit" button to create the Azure claims policy role and exit the wizard.

