Configurations
Create Business Roles and Access Profiles to govern user access assignments
Overview
Access Profiles and Business Roles enable you to define collections of entitlements that map to a range of positions, teams, and responsibilities users can have within an organization.
Access Profiles are collections of group assignments.
Business Roles are collections of Access Profiles, usually mapping to specific job responsibilities.
As part of configuring your overall lifecycle management framework, you should create Access Profiles and Business Roles that align with the logical structure of your organization and environment, to enable the desired group assignments for users provisioned by Veza,
Create an Access Profile
To add an Access Profile, go to Lifecycle Management > Configurations > Access Profile > Add Access Profile.
Under Configuration, add a name and description.
Under Groups, click Add New Group. The list will update based on AD groups Veza has discovered. Repeat this process until you've enabled all the groups in scope for the Access Profile.
Review the Summary and click Create to save your changes.
Create a Business Role
To add a Business Role, go to Lifecycle Management > Configurations > Business Role > Add Business Role.
Under Configuration, add a name and description.
Under Access Profile, click Add Access Profiles. A modal will appear showing all available Access Profiles. Pick the profiles to associate with the role, and click Confirm.
Review the summary and click Save when finished.
Create a Shared Attribute Mapping
To add a Business Role, go to Lifecycle Management > Configurations > Business Role > Shared Attribute Mappings.
In the Configuration section, enter a name and description for the mapping. Then, select the source and destination providers using the dropdown menus.
Move to the Attribute Mapping section. Here, you'll see a list of potential destination attributes for the users in the target provisioning system.
For each attribute you want to update, input a custom value or select a source user profile attribute by enclosing its name in
{brackets}
. Begin typing{
to see a list of available source properties.Review the mapping summary and click Save when finished.
View or Edit an Access Profile, Shared Attribute Mapping, or Business Role
Hover over a saved Shared Attribute Mapping, Business Role, or Access Profile on the Configurations page to View Details or Edit an existing entry.
Last updated