Identity Cloud

Governance glossary

In Identity Governance, you can use the governance glossary to attach custom attributes (metadata) to applications, entitlements, or roles to enhance certifications or access requests.

When using the governance glossary, you can create the following custom attributes:

Typical steps to make use of a governance glossary attribute

  1. Create governance glossary attribute (application, entitlement, or role).

  2. Populate the governance glossary attribute you create. For example, if you create an application glossary attribute, the attribute will appear on every target application in the Details tab.

  3. Use the attribute you create to:

    1. Filter on what you would like to certify when you create a template.

    2. Allow the end user to filter on the attribute in applications, entitlements, or roles when they request access.

Example of when to use the governance glossary

If you are already familiar with the use case(s) of governance glossary, start with Create a governance glossary attribute.

There are many scenarios in which using identity glossary attributes can provide useful business logic to make decisions.

Oftentimes, organizations have specific attributes to track users' entitlements from applications.

An example could be that you want to attach a risk score to each entitlement pulled into Identity Cloud. This could be to determine the sensitivity of the entitlement (privilege) in the target application.

Steps:

  1. From the Identity Cloud admin UI, click Glossary.

  2. Click Entitlement > + Entitlement Glossary Item.

  3. Enter the following values:

    1. Name - riskScore

    2. Display Name - Risk score

    3. Type - Number

      For more information, refer to create entitlement attribute.

  4. Once you create the entitlement glossary attribute, it displays as metadata for each entitlement. To view this metadata in an entitlement, go to Entitlements > Select entitlement to view the attribute under the Details tab.

  5. Assign a risk score of 80 using the newly created Risk score attribute. The higher the risk score for an entitlement, the more sensitive operations that entitlement allows.

Now that you have created an entitlement glossary attribute and enriched existing entitlements with the Risk score attribute, you can leverage this new business-relevant data.

For example, you can create an entitlement assignment certification template that filters the template to show entitlements to review that have a Risk score of 75 or higher. This allows you to certify highly-sensitive entitlements.

This is just one scenario in which the identity glossary can be used. Create identity glossary attributes for applications, entitlements, or roles to suit your business cases.

Create a governance glossary attribute

To access the governance glossary, navigate to Glossary from the left navigation pane in the Identity Cloud admin UI.

Create governance glossary attributes for:

Create an application glossary attribute

To create an application glossary attribute:

  1. Select Application from the left pane in the table.

  2. Select + Application Glossary Item.

  3. Enter details for the item:

    Field Description

    Name

    The backend name of the attribute.

    Display Name

    The name that displays on the Details tab of the target application.

    Description

    The rationale for the attribute.

    Type

    The data type of the attribute. The data type you select changes the way it displays in the application’s Details tab and the actions you can take.

    Select one of the following:

    • String

    • Number

    • Boolean — A checkbox. Checking the box corresponds to true.

    • Date — A date field (mm/dd/yyyy).

    • User — Select from existing users.

    • Role — Select from existing roles.

    • Organziation — Select from existing organizations.

  4. Depending on the data type chosen, optional settings appear:

    • Multi-Valued — Lets you have more than one value when you populate the attribute, an array. For example, if you select the User type in step 3, you can select multiple users instead of one.

    • Enumerated Values — When you are populating the attribute on the application, create fixed values to choose from:

      • Select the + icon.

      • Fill out the text and value for the item.

        The text displays as the human-readable option to select. The value is the actual value saved to the backend.

      • If desired, add more values.

  5. Click Show advanced settings and optionally select Searchable. This allows an end user to search using this attribute when requesting access to the application.

  6. Click Save.

The application glossary attribute displays in the Details tab of every target application.

The following video shows an example:

Create an entitlement glossary attribute

To create an entitlement glossary attribute:

  1. Select Entitlement from the left pane in the table.

  2. Select + Entitlement Glossary Item.

  3. Enter details for the item:

    Field Description

    Name

    The backend name of the attribute.

    Display Name

    The name that displays on the Details tab of each entitlement.

    Description

    The rationale for the attribute.

    Type

    The data type of the attribute. The data type you select changes the way it displays each entitlement and the actions you can take.

    Select one of the following:

    • String

    • Number

    • Boolean — A checkbox. Checking the box corresponds to true.

    • Date — A date field (mm/dd/yyyy).

    • User — Select from existing users.

    • Role — Select from existing roles.

    • Organziation — Select from existing organizations.

  4. Depending on the data type chosen, optional settings appear:

    • Multi-Valued — Lets you have more than one value when you populate the attribute, an array. For example, if you select the User type in step 3, you can select multiple users instead of one.

    • Enumerated Values — When you are populating the attribute on the entitlement, create fixed values to choose from:

      • Select the + icon.

      • Fill out the text and value for the item.

        The text displays as the human-readable option to select. The value is the actual value saved to the backend.

      • If desired, add more values.

  5. Click Show advanced settings and optionally select Searchable. This allows an end user to search using this attribute when requesting access to the entitlement.

  6. Click Save.

The entitlement glossary attribute displays in every onboarded entitlement. From the Identity Cloud admin UI, go to Entitlements > Select entitlement > Details tab to view the newly created entitlement attribute.

The following video shows an example:

Create role glossary attribute

To create a role glossary attribute:

  1. Select Role from the left pane in the table.

  2. Select + Role Glossary Item.

  3. Enter details for the item:

    Field Description

    Name

    The backend name of the attribute.

    Display Name

    The name that displays on the Details tab of each role.

    Description

    The rationale for the attribute.

    Type

    The data type of the attribute. The data type you select changes the way it displays each role and the actions you can take.

    Select one of the following:

    • String

    • Number

    • Boolean — A checkbox. Checking the box corresponds to true.

    • Date — A date field (mm/dd/yyyy).

    • User — Select from existing users.

    • Role — Select from existing roles.

    • Organziation — Select from existing organizations.

  4. Depending on the data type chosen, optional settings appear:

    • Multi-Valued — Lets you have more than one value when you populate the attribute, an array. For example, if you select the User type in step 3, you can select multiple users instead of one.

    • Enumerated Values — When you are populating the attribute on the role, create fixed values to choose from:

      • Select the + icon.

      • Fill out the text and value for the item.

        The text displays as the human-readable option to select. The value is the actual value saved to the backend.

      • If desired, add more values.

  5. Click Show advanced settings and select any of the following:

  6. Click Show advanced settings and optionally select Searchable. This allows an end user to search using this attribute when requesting access to the entitlement.

  7. Click Save.

The role glossary attribute displays in every role. From the Identity Cloud admin UI, go to Manage > Identities > Select role > Details tab to view the newly created role attribute.

The following video shows an example:

Delete a governance glossary attribute

To delete a governance glossary attribute:

  1. From the Identity Cloud admin UI, click Glossary.

  2. Select one of the following tabs:

    • Application

    • Entitlement

    • Role

  3. Select next to the governance glossary attribute you want to delete.

  4. Select Delete.

  5. Click Delete again to confirm the deletion.

    This action cannot be undone.
Copyright © 2010-2024 ForgeRock, all rights reserved.