Role that manages 1 attribute for all users iga 4.2

Hi,

Is it possible to create a Technical role in IG  that give a users or group of users the ability to set login disabled to all users or a group of users?

/Lennart

  • 0  

    Ooh, that's an interesting use-case.   Let's expand on some details.

    Are you looking for a way to grant access to a user or group of users (let's call them helpdesk) the ability to set the loginDisabled attribute on other users in a directory such as eDirector or Active Directory?   Or are you asking if there is a way for a user assigned to a role in IG to automatically have their login Disabled attribute changed by IG? 

    Another way to ask this is if IG is granting access for others to make the change, or do you want IG to perform the login disabled change.

    --Jim

  • 0 in reply to   

    Hello Jim,

    I was looking for a way to enable a helpdesk user to be able to set the loginDisabled attribute in E-dir and my guess is that IG will grant users rights to set/unset loginDisabled

    Thanks

    Lennart

  • Verified Answer

    +1   in reply to 

    Can you create a group that grants rights to the set of users, and grants the right to modify the loginDisable attr?

    If you can create a group, then you can manage that group membership in IG.   IG can collect the accounts, the permissions (in this case this group) and the assignments (members) and you can review it, but also you can enable requests of the permission in IG, and then use fulfillment from IG to change the membership after approval.

    Those are all things you can do out of the box with configuration.  Let me know if you have any questions about pieces of that.

    --Jim

  • 0 in reply to   

    Will try tomorrow

    Thanks a lot

    /Lennart