You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Skip to end of banner
Go to start of banner

Onboard Groups

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

EmpowerID provides a comprehensive wizard workflow titled "Onboard Group," designed to simplify and streamline the process of onboarding groups within your organization. This user-friendly workflow guides users through each step, allowing them to perform a variety of group-related tasks during the onboarding process, including:

  • Adding Permanent Members: Easily add permanent members to the group, ensuring that the appropriate individuals have access to the necessary resources within the organization.

  • Applying RBAC Membership Policies: Add people to the group based on their RBAC assignments, such as belonging to a particular Management Role, Business Role and Location, or group. If users no longer have the RBAC assignment, they are automatically removed from the group.

  • Assigning Responsibility Parties and Owners: Assign responsible parties and owners to the group

  • Configuring IAM Shop Settings for the Group: Publish the group to the IAM Shop, configure eligibility and Access Request policies for the group

Step 1: Configure workflow parameters

The Onboard Group workflow incorporates numerous customizable parameters, allowing you to modify the fields displayed to users running the workflow. These parameters are listed in the below table. By customizing these parameters, you can tailor the workflow to best suit your organization's needs and preferences.

 View Workflow Parameters

Parameter

Description

DefaultDomainSuffix

Specifies the default domain suffix that appears in the workflow, such as “empoweridcontractors.onmicrosoft.com”

DefaultEmailMessageName

Name of email template to use for notifying people on creation of a new group

DefaultGroupUsageTypeId

Default integer value of the Group Usage Type.

 View Group Usage Types

Group Usage Type ID

Name

1

Generic

2

Privileged

3

Service

4

Application

5

Test

6

Project

7

Team

8

SharePoint

9

Notification

10

Feature Set

11

Role Mining

12

Dynamic

13

Computer

14

Mailbox Permission

15

Azure App Role

16

Security Global Mail Enabled

DefaultValuePermanentMembersOption

This is a Boolean value that specifies whether the Permanent Membership Option radio button appears to users running the workflow.

DefaultValueRBACMembershipOption

This is a Boolean value that specifies whether the RBAC Membership Policies radio button appears to users running the workflow.

DeputyResourceTypeRoleName

Specifies the Access Level granted to group deputies. The default value is “Resource Role Assigner.”

GroupAccessLevelNameForRBACMembershipPolicies

Specifies the Access Level for RBAC Membership Policies. The default value is “Group Member.”

GroupPurposeTextOne_RestrictedCharacters

Specifies the characters that will get removed from GroupPurposeTextOne before the group creation. No delimiters required. Sample values _#$

GroupPurposeTextTwo_RestrictedCharacters

Specifies the characters that will get removed from GroupPurposeTextTwo before the group creation. No delimiters required. Sample values _#$

ManagementRoleIDsToNotify

This is a comma separated list of Management Role IDs to be notified via email upon creation of a new group.

OwnerResourceTypeRoleName

Specifies the Access Level granted to group owners. The default value is “Resource Role Assigner.”

ShowGroupPurposeTextTwo

This is a Boolean value that specifies whether the “Group Purpopse Additional Text” field appears to users running the workflow.

ShowGroupUsageType

This is a Boolean value that specifies whether the “Group Usage Type” dropdown appears to users running the workflow.

ShowIAMShopSettings

This is a Boolean value that specifies whether the “Configure IAM Shop Settings” section appears to users running the workflow.

ShowIAMShopSettings_EligibleAssignees

This is a Boolean value that specifies whether the “Eligible Assignees” option appears to users running the workflow.

ShowIAMShopSettings_PreApprovedAssignees

This is a Boolean value that specifies whether the “PreApproved Assignees” option appears to users running the workflow.

ShowIAMShopSettings_SuggestedAssignees

This is a Boolean value that specifies whether the “Suggested Assignees” option appears to users running the workflow.

ShowMembershipOptions

This is a Boolean value that specifies whether the “Membership Options” section appears to users running the workflow.

ShowOwnershipOptions_Deputies

This is a Boolean value that specifies whether the “Deputies” dropdown under the “Group Ownership Settings” section appears to users running the workflow.

ShowOwnershipOptions_Owners

This is a Boolean value that specifies whether the “Owners” dropdown under the “Group Ownership Settings” section appears to users running the workflow.

TeamCreationDelayInMinutes

Specifies the mumber of minutes the system should wait before creating a Teams group/channel.

TeamDelayServerRestriction

This is a Boolean value the specified whether the creation of the Teams group/channel delayed instance should be picked up on the same server.

To configure workflow parameters, do the following:

  1. On the navbar, expand Low Code/No Code Workflow and select Low Code Workflows.

  2. Select the Workflow tab and search for Onboard Group.

  3. Click the Display Name for the workflow.

     

  4. On the View One page for the workflow, expand the Request Workflow Parameters accordion and search for the parameter you want to configure.

  5. Click the Edit (blue star) button for the parameter.

  6. Enter the new value in the Value field and click Save.

     

  7. Repeat the above steps to configure other parameters as needed.

Step 2: Run the workflow

  1. Navigate to the portal for the Resource Admin app in your environment.

  2. In Resource Admin, select Groups and then select the Workflows tab.

  3. Click Onboard Group.

    This opens the Onboard Group wizard workflow. Follow the wizard and fill in the fields of each section of the workflow with the appropriate information for your group. Please note that the sections and fields available may vary depending on the configuration of the workflow parameters.

  4. Under Tenant or Directory, select a tenant or directory location for the new group.

  5. If the directory is an on-premise directory, such as Active Directory, select the appropriate OU for the group.

  6. Click Submit to continue to the Group Information section of the workflow.

  7. Fill in the following fields in the General Information and Membership Options sections.

    • Group Purpose Text: Provide a statement describing the purpose of the group.

    • Group Purpose Additional Text: Include any additional information or details related to the group's purpose.

    • Group Usage Type: Specify the type or category that best represents the intended usage of the group.

    • Group Description: Optionally, provide a description of the group.

    • Do You Want To Add Permanent Members?: Select Yes if you want to add permanent members to the group while onboarding; otherwise, select No.

    • Do You Want To Add RBAC Membership Policies?: Select Yes if you want to add RBAC membership policies to the group; otherwise, select No.

  8. Click Next to continue to the Additional Group Details step of the workflow.

  9. Under Additional Group Details, fill out the necessary details for the group.

  10. Review the summary information for the application and then click Submit.

  11. Click Submit to exit the wizard.

External Stylesheet
  • No labels