How to include all linked accounts in a single password request policy if using personal administrator accounts for each user?
Create a new Entitlement > add a new Access request policy with Password as type > in the Security tab, enable the option "Allow password access to linked account"
Selecting the above option allows users to request passwords for their respective linked account. Access to each user’s linked account is governed by the other configurations defined in this policy.
Additionally, Enable scope filtering for linked accounts can be selected in order to limit the number of requestable accounts to linked accounts that are also defined in the scope.
Example:
If a user has 3x Linked accounts and the user needs access to all 3 accounts with no difference in settings between each linked account then the first check box "Allow password access to linked account" is sufficient and in this case there is no need to add the linked account in the scope at all.
However, If the user has 3x Linked accounts and the user has different access requirements such as needs the default duration for 1x linked account to be 10 hours and the for the other 2x linked accounts to be set to 4 hours as default duration then this requires two separate Access Request Policies and in this case the first policy will require adding the 1x linked account in the Scope so that it is filtered with enabling the option "Enable scope filtering for linked accounts" and therefore the settings in this policy would apply only to that 1x linked account but not the other 2x linked accounts.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center