16.2 Control User Access

Access settings allow you to specify which user accounts are trustees for the different Identity Applications pages within the client. When a trustee logs in, the application displays the page that has been provisioned. Otherwise, the page remains hidden from the logged-in user. You can add users, groups, roles, and containers as trustees.

To control user access, select the client, then Access.

16.2.1 Considerations for Configuring User Access

When configuring user access, you should consider the following conditions:

  • Make sure that the users specified in Trustees have sufficient Identity Vault rights to perform tasks within the Identity Applications. Trustees who do not have the proper Identity Vault rights can still access the page, but operations on the page will fail.

  • Each Navigation item has a set of default trustees suitable for the services that can be accessed through that page. However, if you remove all trustees for a navigation item, every user will be able to access that page.

  • If a user does not have access to the default navigation (or to the default menu item within a navigation area), the application redirects the user to the Dashboard page. The application might also display an error message, such as when a user attempts to log in to a page without proper authorization. The user can log in but will be directed to the Dashboard page.

  • When a user is in proxy mode, the application provides access according to the permissions for the account being proxied, as opposed to the permissions for the logged-in user. The proxy can perform tasks on behalf of the other user but does not assume any of the role-type permissions. For example, a user cannot perform Domain Administrator functions on behalf of a Domain Administrator unless that user also has that role.

16.2.2 Configuring User Access

Before configuring user access, review Considerations for Configuring User Access.

  1. Expand the Page item for which you want to provision access to users, groups, roles, or containers.

    Navigation items are listed based on the look and accessibility of the page in the Identity Applications user interface.

  2. Specify one or more trustees for the selected Page item.

    For example, roles such as Helpdesk or IT Operators should be trustees for Groups. Expand the People > Groups item and assign trustees to this page item.

    NOTE: Password Sync Status is listed under the People item. Expand the People item to modify trustees for Password Sync Status.

    In some cases, you might specify a user as a trustee but the application does not display that user’s name in the trustee list. This occurs because that user is a member of a group or a role that is already listed as a trustee. The application does not list the user twice.

  3. Select OK.

  4. To make one of the navigation items the default for that type of page item, enable Area default for that item.

  5. Click Save.