Manage users and roles
|
The topics in this section are for tenants created on or after January 12, 2023. Refer to Application management migration FAQ. |
The Users & Roles tab show all users and roles assigned to an application either through a role or direct assignment.
Use the tab to manage and view the end users in your organization that can access applications. After you establish the server connection, you can use Identity Cloud to add, edit, and remove users directly from the application. To make it easier to set up access for groups of end users, you can create roles with specific access privileges and assign them to the appropriate end users.
You can also map end users to one or more target system object properties. For more information, refer to Map target system object properties to Identity Cloud.
|
You can assign a user or role to an OIDC or SAML 2.0 application without setting up mappings or provisioning. |
-
For more information about mappings, refer to Manage mappings to and from Identity Cloud.
-
For more information about provisioning, refer to Provision an application.
Add a user to a target application
You can add a user to a target application if, for example, a new employee joins your organization and should have access to the application.
-
On the Users & Roles tab, click Users.
-
Click Assign Users.
-
In the Members drop-down field, select an end user.
-
Click Next.
-
Specify the account details as they should exist in the external system for the user.
-
Click Assign.
Manage target applications associated with a user
You can add, edit, or revoke all target applications, including OIDC and SAMLv2 applications associated with a user.
-
In the Identity Cloud admin UI, navigate to Identities > Manage > Alpha realm - Users.
-
Click a user.
-
Click Applications.
-
To view information about an application, click the application.
-
To add an application, click + Add Application and follow the steps.
-
To revoke an application, click the ellipsis (…) to the right of the application, and select Revoke.
Add a role to an application
You can add a role to the application if, for example, a new role is added to your organization that needs access to the application.
-
On the Users & Roles tab, click Roles.
-
Click Assign Roles.
-
In the Roles drop-down field, choose a role.
-
If one or more properties are not set as 'user-specific', specify account details as they should exist in the external system. For instructions about how to set or unset a property as 'user-specific', see Add or edit a property.
-
Click Assign.
View all target applications associated with a role
You can view all target applications associated with a role, including OIDC and SAMLv2 applications.
-
In the Identity Cloud admin UI, navigate to Identities > Manage > Alpha realm - Roles.
-
Click a role.
-
Click Applications.
-
To view information about an application, click the application.
View an end-user account
The Assignment column shows how a user is assigned to an application:
-
Direct: The user is assigned directly to an application.
-
Role-based: The user is part of a role assigned to the application.
You can view information about a user account that has access to an application.
-
On the Users & Roles tab, click Users.
-
Click an end user.
| You cannot directly edit a user who was added to an application via a role. |
Remove an end user from an application
You can remove an end user from an application if, for example, a user leaves your company.
-
On the Users & Roles tab, click Users.
-
To the right of the user, click the ellipsis (...).
-
Select Revoke.
| You cannot directly revoke a user from an application if the user was added via a role. In this case, to revoke the user, remove the user from the role. |