Manage scopes
Identity Governance allows you to centrally manage end-user access to resources across your company using scopes. Administrators can create and manage filtering rules to ensure users have access to only the resource required.
View scopes
-
On the Advanced Identity Cloud admin UI, click Governance > Scopes. The page appears with a list of scopes. If no scopes are present, the page displays a New Scopes button.
Add scopes
-
On the Advanced Identity Cloud admin UI, click Governance > Scopes.
-
Click the New Scopes.
-
On the New Scope Details page, enter the scope details, and then click Next:
Field Description Name
Enter a name for your scope. Follow any naming convention established by your company.
Description (Optional)
Enter a general description for the new scope.
-
On the New Scope Applies to page, do the following:
-
Use the filter to define which users should have this scope. Select or enter the properties, and then click to add the filter.
Field Description Select entitlements if
Any
orAll
conditions are met.Select either Any or All.
Select a property
Select any custom or out-of-the-box user attribute.
Operator
Values include:
-
contains
-
does not contain
-
is
-
is not
-
starts with
-
ends with
Attribute Value
Enter an attribute.
-
-
Click Next to continue.
-
-
On the New Scope Access page, select the applications, entitlements and/or roles resources which users are allowed to access:
Field Description Applications
Select one of the following:
-
All Applications
-
Applications matching a filter. The page displays a filter to match the applications.
Entitlements
Select one of the following:
-
All Entitlements
-
Entitlements matching a filter. The page displays a filter to match the entitlements.
Roles
Select one of the following:
-
All Roles
-
Roles matching a filter. The page displays a filter to match the roles.
-
Click Save. The Scopes page displays the new scope.
-
Edit scopes
-
On the Advanced Identity Cloud admin UI, click Governance > Scopes.
-
On the Scopes page, click the ellipsis () for a policy, and then click Edit to change any aspect of a scope.
-
Click Save to keep your changes.
-
Click Deactivate to disable the scope, or click Activate to enable the scope for use.
-
Click Remove to remove the rule from the policy.
-