Configure Access Control based on Identity Director services

After you have configured a Service Template and Service Publication in Identity Director, and Identity Director Integration in Workspace Control, you can start assigning Access Control based on Identity Director services.

In the Workspace Control Console at Composition > Applications, you can configure access control for a managed application to be based on an Identity Director service.

On the Access Control > Identity tab of the Edit application window, for Type, select Identity Director Service.

  1. On the Access Control > Identity tab of the Edit application window, for Type, select Identity Director Service.
    Access Control > Identity tab of the Edit application window

  2. Select the service you want to use as an access principle.
    • To use an existing Identity Director service as an access principle, select it from the list of Available Services.
    • To create a new Identity Director service and use it as an access principle, click New Service to start the Identity Director Service wizard.

      This wizard helps you create, customize and publish the new service.
      Specify service properties in the Identity Director Service Wizard
      In the wizard, you can specify:

      • The service template on which the new service will be based.
      • The name of the new service.
      • The category in which the new service will be placed in the Identity Director Management Portal.
      • The qualification criteria to the new service.

      Summary of configured settings in the Identity Director Service Wizard

After you save your changes, access to the application will be restricted to users who are subscribed to the selected service.

To use an Identity Director service as an access principle in the Access Control settings of an object other than an application, edit the object in the Workspace Control Console.

  1. On the Access Control tab, click Add in the Identity area and select Identity Director Service.

    List of Identity access criteria that can be selected

  2. Next, choose an existing service as access principle or create a new one.

    Window to select an Identity Director service

    • To use an existing service, select it from the list.
      • Select Replace current access control to let the new service overrule the current Access Control rules.
      • Clear the option to add it to the existing list of Access Control rules.
    • To create a new service, click New Service. to start the Identity Director Service Wizard.

After you save your changes, access to the object will be restricted to users who are subscribed to the selected service.