Create a Dynamic Role
  • 16 May 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Create a Dynamic Role

  • Dark
    Light
  • PDF

Article summary

In the Dynamic role, users are added by their Attribute Condition. We can add multiple attributes and use AND/OR conditions to differentiate and add to the role.

Create a Dynamic Role

  1. Navigate to Roles from the menu.

  2.  Click Add Role. The Add Role screen appears.

  3. Role Name: Specify the Role Name.

  4. Role Type: Select Dynamic from the drop-down.

  5. Role-Based Menu: 

    • Yes -A role cannot be mapped to any SSO/IGA applications for authorization.

    • No - A role can be mapped to any of the SSO/IGA applications for authorization.

  6.  Select an attribute from the drop-down. This will filter users with the same attribute and match with value.

  7. Define the conditions:

    • Equals to: Check if the attribute value and user value are equal. 

    • Not Equal to: Check if the attribute and user values are not equal, then consider it. 

    • Starts with: Checks if the user value starts with that attribute value specified. 

    • End with: Checks if the user valuse end with that attribute value specified, then considers it.

    • Greater than: Checks if the value present is greater than the specified value. 

    • Less than: Checks if the value present is lower than the specified value. 

    • Contains: Checks if the specified value is at least present in the user value. 

    • Expression: Write an expression to fetch that user’s value and compare. It uses equal to here. Example: function getVal() 



      department=user.getAttribute('department'); 


      return department; 


       

  8. Enter the string from which you want the users to be filtered.

  9. Check the Match All Conditions check box to consider all the conditions it uses AND condition if checked otherwise, OR condition is used. 

  10. Click Add. A Role added successfully” confirmation message appears.

  11. Click Close.

Information:

The input for any Attribute is case-insensitive.

Configure a Dynamic Role without Role Based Menu

  1. Once the role is added, search and select the role.

  2. Role Details is the default screen.

  3. Role Name: You can edit the existing role name.

  4. Role Description: Provide the role explanation like what the role consists of. 

  5. Click the + icon to add attributes.

  6. You can add attributes and define conditions as shown in the image.

  7. Match all Conditions? : If you check the box, it enables AND logic. If unchecked, enable OR logic.

  8. Click Save.

Role Members

  1. Navigate to Role Members.

  2. This shows the list of members added to the role depending on the conditions defined.

Applications

  1. Click Applications.

  2. This shows the list of applications added to the role depending on the conditions defined.

Configure a Dynamic Role with Role Based Menu

  1. Once the role is added, search and select the role.

  2.  Role Details is the default screen.

  3. Role Name: You can edit the existing role name.

  4. Role Description: Provide the role explanation like what the role consists of. 

  5. Click the + icon to add attributes.

  6.  You can add attributes and define conditions as shown in the image.

  7. Match all Conditions? : If you check the box, it enables AND logic. If unchecked, enable OR logic.

  8. Click Save.

Role Members

  1. Navigate to Role Members.

  2. This shows the list of members added to the role depending on the conditions defined.

Information:

You can't add/remove users manually to a dynamic role. It will be done automatically, depending on the pass/fail conditions specified.


Was this article helpful?