Configure Access Control based on Identity Director services
After you have configured a Service Template and Service Publication in Identity Director, and Identity Director Integration in Workspace Control, you can start assigning Access Control based on Identity Director services.
In the Workspace Control Console at Composition > Applications, you can configure access control for a managed application to be based on an Identity Director service.
On the Access Control > Identity tab of the Edit application window, for Type, select Identity Director Service.
-
On the Access Control > Identity tab of the Edit application window, for Type, select Identity Director Service.
- Select the service you want to use as an access principle.
- To use an existing Identity Director service as an access principle, select it from the list of Available Services.
-
To create a new Identity Director service and use it as an access principle, click New Service to start the Identity Director Service wizard.
What does the Identity Director Service Wizard do?
This wizard helps you create, customize and publish the new service.
In the wizard, you can specify:- The service template on which the new service will be based.
- The name of the new service.
- The category in which the new service will be placed in the Identity Director Management Portal.
- The qualification criteria to the new service.
After you save your changes, access to the application will be restricted to users who are subscribed to the selected service.
To use an Identity Director service as an access principle in the Access Control settings of an object other than an application, edit the object in the Workspace Control Console.
- On the Access Control tab, click Add in the Identity area and select Identity Director Service.
- Next, choose an existing service as access principle or create a new one.
- To use an existing service, select it from the list.
- Select Replace current access control to let the new service overrule the current Access Control rules.
- Clear the option to add it to the existing list of Access Control rules.
- To create a new service, click New Service. to start the Identity Director Service Wizard.
- To use an existing service, select it from the list.
After you save your changes, access to the object will be restricted to users who are subscribed to the selected service.