To provision users based on roles, you must specify an Admin Portal role. Users with the Admin Portal role will be matched to existing or new accounts in your app, within the specified groups.
The Idaptive Identity Platform immediately synchronizes user account and role mapping changes.
Provisioning assigns users access and assignments based on the top-most role mapping. The order of the roles displayed in the Role Mappings section represents priority. The role at the top of the list has user provisioning priority. For example, if a user has mapped provisioning for multiple roles, the Idaptive Identity Platform provisions the user, based on the top-most role in the list. For more details, see Setting up app-specific provisioning.
- Ensure that the provisioning credentials are entered and verified.
- Go to the Role Mappings section, on the Provisioning page.
- Click Add, to open the Role Mapping dialog box.
- Select a Role.
Click Add and select a Destination Group from the drop-down list.
A Destination Group (named after the selected role), automatically populates the list of groups available from the drop-down list. If that Destination Group is selected:
- If the Destination Group does not exist in the application, a group is created.
- If the Destination Group already exists in the application, the existing group is used.
- User members that are associated with the role are added as members of the Destination Group.
(Optional) Type in a new group name, to map the group to the selected role. The newly created Destination Group is also created in the application. If the role is removed from role mapping, the Destination Group remains within the application, without affecting existing membership.
Changing the role or role name only affects group creation if the group name in the role mapping is also changed.
(Optional) Add more Destination Groups, if desired, by repeating the previous two steps.
Click Done to save the role mapping and return to the Provisioning page.
Continue adding role mappings, as desired.
- To change a mapping, select the role mapping and click Modify from the Actions list.
- To remove a mapping, select the role mapping and click Delete from the Actions list.
- When role mapping is complete, click Save to save the provisioning details.
Any time role mapping provisioning changes, the Idaptive Identity Platform automatically runs a synchronization. If desired, you can run a preview synchronization or a real synchronization.