Provision roles automatically
Use role provisioning rules to automatically add an account manager and grant access to the management UI based on attributes such as Active Directory group membership. Conversely, an account manager can be automatically removed if the rule that promoted the user to account manager evaluates false.
- On the STA Token Management console, select Policy > Automation Policies > Role Provisioning Rules.
- To add a rule, click New Rule.
- Configure the rule:
  - Rule Name—This must be a unique name that identifies the rule.
  - Auto Revoke—If selected, the account manager that is created by this rule is automatically removed if the conditions (such as group membership) are no longer valid.
  - Containers—This is the container where the user must reside for the rule to evaluate true.
  - Role—This is the role that is assigned to the account manager. The list includes all configured roles.
  - Scope—The Account management groups list includes all configured groups. The account manager can access the groups that are included in the Applied by Rule list. Use the arrow keys to move the groups between the two lists.
  - Groups Filter—The Virtual Server groups list includes all groups in the virtual server. Users that are members of one or more of the groups in the Used by rule list will be promoted to account manager. Use the arrow keys to move groups between the two lists.
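The promotion and Auto Revoke behaviour described above, modelled as an added Python example for checking which account managers a rule should produce. It is not STA code: the `Rule` fields, the user records, the `reconcile` function and all sample values are assumptions named after the settings on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Hypothetical model; fields mirror the rule settings above, not an STA API.
    name: str
    auto_revoke: bool
    containers: frozenset     # Containers
    role: str                 # Role
    scope: frozenset          # groups in the Applied by Rule list
    groups_filter: frozenset  # groups in the Used by rule list

def matches(rule, user):
    """Rule evaluates true: user is in a listed container and in at least one filter group."""
    return (user["container"] in rule.containers
            and bool(rule.groups_filter & set(user["groups"])))

def reconcile(rule, users, managers):
    """Return (managers after evaluation, promoted names, revoked names).

    managers maps user name -> grant dict; grant["rule"] names the rule that
    created the account manager, or is None for one created by hand.
    """
    result, promoted, revoked = dict(managers), [], []
    for user in users:
        name = user["name"]
        if matches(rule, user):
            if name not in result:
                result[name] = {"rule": rule.name, "role": rule.role,
                                "scope": sorted(rule.scope)}
                promoted.append(name)
        elif rule.auto_revoke and result.get(name, {}).get("rule") == rule.name:
            del result[name]  # only managers created by this rule are removed
            revoked.append(name)
    return result, promoted, revoked

def sample_run(auto_revoke):
    """Evaluate one constructed rule against constructed directory data."""
    rule = Rule("helpdesk-operators", auto_revoke, frozenset({"Default"}),
                "Operator", frozenset({"EMEA Users"}), frozenset({"Helpdesk"}))
    users = [
        {"name": "alice", "container": "Default", "groups": ["Helpdesk"]},
        {"name": "bob", "container": "Default", "groups": ["Sales"]},  # left Helpdesk
        {"name": "carol", "container": "Contractors", "groups": ["Helpdesk"]},
        {"name": "dave", "container": "Default", "groups": ["Sales"]},
    ]
    managers = {"bob": {"rule": rule.name, "role": "Operator", "scope": ["EMEA Users"]},
                "dave": {"rule": None, "role": "Operator", "scope": ["EMEA Users"]}}
    return reconcile(rule, users, managers)
```

With Auto Revoke cleared, the same run leaves `bob` as an account manager after he has left the filter group, which is the case to look for when reviewing who still holds management UI access.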