Security Matrix
Entitlements in Epic, including the EMPTemplate and SubTemplates, are assigned to the Epic users based on one or more attributes associated with the Identity. Security matrix is a table that consists of entitlements grouped with one or more attributes of the Identity, which mostly consist of organizational attributes.
One Identity Manager out of the box provides capabilities to assign these entitlements, including the EMPTemplates and SubTemplates, to organizations or business roles. This allows all user accounts linked to person Identities that belong to these organizations to automatically inherit the respective entitlements. Maintenance of such assignments becomes difficult while dealing with a combination of business roles as dynamic groups. Several dynamic group calculations also degrade the overall performance of assignments. In this scenario, configuring entitlements for the combination of One Identity Manager organizations and business roles in the security matrix makes the process easier to maintain and performance effective.
Security Matrix for EMP template
Security matrix for EMPTemplate is a table that consists of EMPTemplates grouped with one or more attributes of the Identity, which mostly consist of organizational attributes.
Configuring SecurityMatrix for EMPTemplate
A mapping must be established between the Person Identity attributes and the EMPTemplate security matrix attributes to group the EMPTemplate with one or more attributes of the Identity.
This section describes the steps to define such mappings in One Identity Manager.
To define the column mappings between the Person Identity and the Security Matrix for EMPTemplate
- Open One Identity Manager and select the appropriate Epic connection that has been created.
- In the Tasks section, select the link Assign Epic EMPTemplate Matrix property mapping.
- Select the Person column and corresponding Security Matrix column from the respective drop downs for the mapping.
- Save the mappings.
NOTE: The Epic EMPTemplate security matrix has a maximum of ten Properties that can be mapped with the Person Identity. The security matrix will always apply an AND operation on the combination of properties when assigning the respective EMPTemplate.
Importing SecurityMatrix for EMPTemplate
EMPTemplates can be assigned automatically to an Epic user account through SecurityMatrix. To achieve this, SeurityMatrix must be imported into One Identity Manager. On subsequent changes to the security matrix, the updates to the matrix must be imported so that the Epic user account to EMPTemplate assignments are updated.
You can import the SeurityMatrix using these methods