Create a Delegation
Delegations can be created to define which roles or members with similar attributes have access to change and/or audit other roles and what actions are permitted with this access. See Delegations for details.
The following steps assist in establishing a delegation.
Log into RapidIdentity through a web browser: https://<your-host-name>
Select the People module from the top navigation drop-down.
Click Settings at the bottom of the left navigation bar and choose Delegations.
Click the Add Delegation + button from the upper right section of the window.
The Delegation configuration options will open, beginning with the General tab.
Check the box next to Enabled.
Select the appropriate Type from the drop-down list.
My - Applies on My Profile.
Custom - Applies on select profiles. When setting up a custom delegation, it will be necessary to identify the Delegation Target(s), which are defined as the user(s) who are visible in the delegation.
Target Attribute ACL Base DN: This section tells the server where to search for these specific users. Select the Role that will be visible in this delegation using the drop-down box.
Target Attribute ACL: Define the employee types that will be visible in the delegation.
Example:
(employeeType=Staff)
Enter a Name for the delegation in the Name input field.
Enter a description of the delegation (optional).
Check Preload All Results to ensure all members of the delegation are visible when viewing the delegation list. This can be skipped if it is expected that many people will be included in this delegation list.
Note
If left disabled, the delegation will appear empty until a search is done on the delegation.
Scroll down to the Delegation Source and check the box next to Enable ABAC for users within this delegation who have direct reports.
Note
ABAC (Attribute-Based Access Control) is a module that can control access based on three different attribute types: user attributes, attributes associated with the application or system to be accessed, and current environmental conditions.
When selected, the Source Attribute ACL field will need to be filled in. This is the attribute defining who can view the delegation upon login.
Example: (sAMAccountName=administrator)
Check the box next to Enable Appliance Roles to define which role can view the delegation.
Once configuration is completed in the General tab, click on the Actions tab. This is where you specify which actions in a delegation a person will be able to see or take on another user's account. Select the appropriate actions and click on the Attributes button.
This is where the attributes that will show up in the delegation are identified. Click on the Add Another Attribute button.
Identify the attributes that will show up in the delegation by selecting them from the drop-down list.
Click on the Create button to complete the delegation creation.
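The Target Attribute ACL and Source Attribute ACL examples above, (employeeType=Staff) and (sAMAccountName=administrator), are written in LDAP filter syntax, and a filter that matches more entries than intended widens who is visible in, or can view, the delegation. The Python sketch below is an added example, not RapidIdentity code: it evaluates a subset of that syntax against constructed sample entries so a filter's scope can be checked before it is saved. The names parse, matches, preview and ENTRIES are introduced here, and case-insensitive matching is an assumption.

```python
# Added example: preview which entries an (attr=value)/(attr=*)/&/|/! filter selects.
# ENTRIES is constructed sample data, not a real directory export.
ENTRIES = [
    {"sAMAccountName": "administrator", "employeeType": "Admin"},
    {"sAMAccountName": "jdoe", "employeeType": "Staff"},
    {"sAMAccountName": "asmith", "employeeType": "Staff"},
    {"sAMAccountName": "student1", "employeeType": "Student"},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:max(end, i)].partition("=")
        wildcard = "*" in value and value != "*"  # substring match unsupported
        if end == -1 or not sep or not attr or "(" in value or wildcard:
            raise ValueError(f"unsupported comparison at position {i}")
        node, i = ("=", attr.strip().lower(), value.strip().lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] == "=":
        # Assumption: these string attributes compare case-insensitively.
        have = {k.lower(): str(v).lower() for k, v in entry.items()}.get(node[1])
        return have is not None and node[2] in ("*", have)
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def preview(filter_text, entries=ENTRIES):
    """Return the sAMAccountName of every entry the filter selects."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["sAMAccountName"] for e in entries if matches(node, e)]
```

Calling preview with a candidate filter lists the accounts it would select from the sample set; a malformed or unsupported filter raises ValueError instead of silently matching nothing.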