Chat now with support
Chat with Support

Identity Manager 9.3 - Web Portal User Guide

General tips and getting started Managing background processes Managing reports Managing security keys (WebAuthn) Requests
Setting up and configuring request functions Requesting products Managing the Saved for Later list Pending requests Displaying request history Displaying archived requests Sharing products with others Resubmitting requests Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing request approvals Managing request inquiries directed at you
Attestation
Managing attestations Managing attestation inquiries directed at you Displaying attestation history Managing your own attestation cases Managing pending attestations Revoking attestation case approvals
Compliance Managing risk index functions Responsibilities
Managing task delegations Ownerships Managing my responsibilities
Managing my departments Managing my application roles Managing my devices Managing my business roles Managing my identities Managing my cost centers Managing my multi-request resources Managing my multi requestable/unsubscribable resources Managing my resources Managing my software applications Managing my locations Managing my system entitlements Managing my system roles Managing my assignment resources Managing my team role
Managing responsibilities of my reports
Managing data
Managing departments Managing application roles Managing user accounts Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations Managing system entitlements Managing system roles Managing assignment resources
Opening other web applications Managing tickets Statistics Appendix: Attestation conditions and approval policies from attestation procedures

Assigning identities to my application roles

You can assign identities to application roles for which you are responsible.

The following assignment options are available:

To assign an identity to a application role using a request

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Application roles.

  3. On the Application Roles page, click the application role to which you want to assign an identity.

  4. In the Edit Application Role side panel, click the Memberships tab.

  5. On the Memberships tab, click Secondary memberships.

  6. On the Memberships tab, click Request memberships.

  7. In the Request Memberships side panel, next to the identity to which you want to assign the application role, select the check box.

  8. Click Request memberships.

  9. Close the Edit Application Role side panel.

  10. In the menu bar, click Requests > Shopping cart.

  11. On the Shopping Cart page, click Submit.

    Once the request has been granted approval, the identity is assigned to the application role.

To add members automatically through a dynamic role

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Application roles.

  3. On the Application Roles page, click the application role for which you want to create a dynamic role.

  4. In the Edit Application Role side panel, click the Memberships tab.

  5. On the Memberships tab, click Automatic memberships.

  6. On the Automatic memberships tab, click Create dynamic role.

  7. Use conditions to specify which identities to add over the dynamic role. Perform the following actions to do this:

    1. In the Property drop-down, select the relevant property.

    2. In the Operator drop-down, select a logical operator.

    3. In the Value field, set the comparison value.

    4. (Optional) To add another condition, click Add another condition and repeat the steps.

    5. (Optional) To change the way the conditions are linked, next to Logical operator, click And or Or.

    TIP: To remove a condition, click (delete) next to the condition.

    For more information about customizing filter conditions, see Custom filter conditions.

  8. Click Save.

  9. (Optional) In the Calculation schedule menu, select the schedule that specifies when memberships are calculated.

  10. (Optional) To calculate memberships immediately after a relevant object is changed, select the Assignments recalculated immediately check box.

  11. Click Save.

TIP: A membership that was created through a dynamic role is labeled as Assigned by dynamic role in the memberships list.

To re-add an excluded member

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Application roles.

  3. On the Application Roles page, click the application role to which you want to re-add a member.

  4. In the Edit Application Role side panel, click the Memberships tab.

  5. On the Memberships tab, click Excluded members.

  6. Select the check box next to the identity you want to add again as a member.

  7. Click Remove exclusion.

Related topics

Removing identities from my application roles

You can remove application roles from identities, for which you are responsible, by deleting or unsubscribing the relevant memberships.

To remove an application role from an identity

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Application roles.

  3. On the Application Roles page, click the application role that has a membership you want to delete.

  4. In the Edit Application Role side panel, click the Memberships tab.

  5. On the Memberships tab, click Secondary Memberships.

  6. Next to the membership you want to delete, select the check box.

  7. Click Remove.

  8. (Optional) In the Remove Memberships side panel, perform the following:

    • For assignment requests: In the Reason for unsubscribing the membership field, enter why you want to remove the membership.

    • For memberships assigned through dynamic roles: In the Reason for excluding the members field, enter why you want to delete the memberships.

  9. Click Remove memberships.

    TIP: If you only selected direct memberships, confirm the prompt in the Remove Membership dialog with Yes.

Displaying my application roles' rule violations

You can display the rule violations of application roles for which you are responsible.

To display rule violations

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Application roles.

  3. On the Application Roles page, click the application role whose rule violations you want to display.

  4. On the Edit Application Role side panel, click the Rule Violations tab.

My application roles' history

The Web Portal allows you to display historical data of application roles for which you are responsible.

To do this, you have the following options:

Table 32: Historical data

View

Description

Events

Shows all events relating to the application role, either on a timeline or in a table (see Displaying my application roles' history).

Status overview

This shows you an overview of all assignments. It also shows you how long each change was valid for. Use the status overview to track when changes were made and by whom. This way, you not only see the initial and current status but you also see all the steps in between (see Displaying the status overview of my application roles).

Status comparison

You can select a date and display all the changes made from then until now. This also shows you what the value of the property was at the selected point in time and what the value is now (see Comparing statuses of my application roles).

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating