Delegated User Management v2
Delegated User Management v2 allows companies to efficiently manage the access rights of external users from customer or business partner organizations. By enabling the delegation of user access management to business partner organizations, companies can scale the management of these external users and deliver a better experience to the users.
User scenarios and use cases
The following scenarios illustrate Delegated User Management capabilities:
- Working with channel partners (brokers, distributors, resellers)
  Companies often work with channel partners who require access to their applications. Delegated User Management enables you to offload access management to trusted users at the channel partner. These partners can, in turn, manage the access requirements of their users.
- Working with suppliers
  Many enterprises regularly outsource specific business tasks to external companies or obtain parts from suppliers. Users at these external companies need access to the enterprise's applications and services, often to collaborate with internal users. Delegated User Management enables you to manage which applications suppliers can access, and for the suppliers to manage their users and associated entitlement assignments.
- Working with business customers
  Delegated User Management enables you to provide timely access to your services. Your organization might need to provide your business customer's users with access to some applications. To do this efficiently, you can delegate access control to a business customer's trusted user, who can then manage the access of the other users within the same customer.
Roles
A role is a collection of permissions that control what data and applications a user can access and what actions they can perform. A user can have multiple roles.
There are two types of roles:
- Administrator roles grant users permissions in the Delegated User Management application, such as permissions to manage users, assign access roles, create and manage organizations, and so on.
- Access roles grant users access to applications (outside of Delegated User Management), and can include specific permissions within these applications.
Access roles include permissions to one or many applications. You define your company's access roles based on the different personas or job functions within your population of external users.
Mapping roles
Delegated User Management enables you to define administrator and access roles for the personas in your environment.
The following examples describe typical personas that you might have:
Super administrators
The super administrator role has all permissions and unrestricted access to all Delegated User Management features. Super administrators typically have an IT background. They can model organizations, roles, and applications. For example, the super administrator can add variants of the administrator role that have fewer permissions, according to your needs.
Delegated managers
Delegated managers work in a specific organization. Within their organization, they manage users and entitlements, including the user lifecycle, access roles, and organization membership. For a delegated manager persona, you define and assign an administrator role.
Process owners
Process owners manage the definition of roles, or entitlements, to meet the needs of different categories of business users. They can use Delegated User Management to define a set of roles that map to business personas that need to access applications or resources at third parties and customers. For a process owner persona, you define and assign an administrator role.
Application owners
Application owners manage one or more applications. They can use Delegated User Management to define a set of permissions for the application, and can also be entitled to add application permissions to access roles. For an application owner persona, you define and assign an administrator role.
Help desk users
Help desk users are a dedicated type of administrator with a narrow focus. They receive calls from users, find users, find the organizations that users belong to, check user profiles and role assignments, reset passwords, reset some authenticators, and update profile data. For a help desk persona, you define and assign an administrator role.
Business users
Business users are users from a business customer or business partner who need to access applications. For a business user persona, you define and assign access roles.
Delegation model
The tiered delegation model that is implemented in the Delegated User Management solution brings a scalable approach to the administration of access rights, which allows administrator personas (like a super user administrator, process owner, or application owner) to delegate user management and the associated role assignments.
Administrator roles propagate by cascading from one user to another, within the same organization or across organization boundaries. The assignment of an administrator role can be restricted in scope, for example to apply to only one organization, or to only a specific set of access roles.
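The scoped, cascading delegation described above, modeled in Python as an added example; it is not code or configuration from Delegated User Management. All class, function, organization and role names are hypothetical, and the rule that a delegated scope may never exceed the delegator's scope is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AdminGrant:
    """An administrator role assignment with a restricted scope (hypothetical model)."""
    holder: str
    orgs: frozenset          # organizations the holder may administer
    access_roles: frozenset  # access roles the holder may assign
    granted_by: str = "super-admin"

def delegate(parent: AdminGrant, new_holder: str, orgs, access_roles) -> AdminGrant:
    """Cascade an administrator role; the new scope must stay inside the parent's (assumption)."""
    orgs, access_roles = frozenset(orgs), frozenset(access_roles)
    if not orgs <= parent.orgs:
        raise PermissionError(f"organizations outside delegator scope: {sorted(orgs - parent.orgs)}")
    if not access_roles <= parent.access_roles:
        raise PermissionError(f"access roles outside delegator scope: {sorted(access_roles - parent.access_roles)}")
    return AdminGrant(new_holder, orgs, access_roles, granted_by=parent.holder)

def can_assign(grant: AdminGrant, user_org: str, access_role: str) -> bool:
    """True only if both the target user's organization and the access role are in scope."""
    return user_org in grant.orgs and access_role in grant.access_roles

# Constructed sample data: a process owner delegates to a manager at one partner.
process_owner = AdminGrant("po@example.com",
                           frozenset({"partner-a", "partner-b"}),
                           frozenset({"order-viewer", "order-editor"}))
manager_a = delegate(process_owner, "mgr@partner-a.example",
                     {"partner-a"}, {"order-viewer"})

def demo() -> dict:
    """Exercise in-scope, out-of-scope and escalation attempts against the model."""
    results = {
        "in_scope": can_assign(manager_a, "partner-a", "order-viewer"),
        "other_org": can_assign(manager_a, "partner-b", "order-viewer"),
        "other_role": can_assign(manager_a, "partner-a", "order-editor"),
    }
    try:
        # The manager tries to hand out a role that was never delegated to them.
        delegate(manager_a, "helper@partner-a.example", {"partner-a"}, {"order-editor"})
        results["escalation_blocked"] = False
    except PermissionError:
        results["escalation_blocked"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

Recording `granted_by` on every grant keeps the delegation chain auditable, so a reviewer can trace any administrator role back to the user who cascaded it.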