LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-09 20:37:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc89ffcaf4c6568043c6bff49212f3d6d62d7c2d
developer.sailpoint.com/docs/sailpoint-api-beta/access-profiles.tag.mdx
philip-ellis-sp 81e13234bd created
2022-08-16 16:59:27 -04:00

54 lines
2.9 KiB
Plaintext
Raw Blame History

---
id: access-profiles
title: Access Profiles
description: Access Profiles
---
Use this API to implement and customize access profile functionality.
With this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely.
Access profiles group entitlements, which represent access rights on sources.
For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
Access profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following:
- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.
- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements.
- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.
- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role.
In IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones.
Administrators can enable and disable an access profile, and they can also make the following configurations:
- Manage Entitlements: Manage the profile's access by adding and removing entitlements.
- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked.
Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.
- Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source.
Refer to the following link for more information about access profiles.
```mdx-code-block
import DocCardList from '@theme/DocCardList';
import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
<DocCardList items={useCurrentSidebarCategory().items}/>
```
Reference in New Issue View Git Blame Copy Permalink