Identity Cloud

Manage scopes

Identity Governance allows you to centrally manage end-user access to resources across your organization using scopes. Administrators can create and manage filtering rules to ensure users have access to only the resources required.

View scopes

  • On the Identity Cloud admin UI, click Governance > Scopes. The page appears with a list of scopes. If no scopes are present, the page displays a New Scopes button.

    [Screenshot: governance scopes]
    • 1 Click the New Scopes button to add a new policy.

    • 2 Search scopes. Search by scope name, status, or description. The search is case insensitive.

    • 3 Name: Name of the policy. This is a required field.

    • 4 Status: Current status of the scope, either Inactive or Active. You can sort the list in ascending or descending order by clicking the up or down triangles.

    • 5 Ellipsis: Click to edit, deactivate (if active) or activate (if inactive), or delete the scope.

Add scopes

  1. On the Identity Cloud admin UI, click Governance > Scopes.

  2. Click New Scopes.

  3. On the New Scope Details page, enter the scope details, and then click Next:

    • Name: Enter a name for your scope. Follow any naming convention established by your company.

    • Description: Optional. Enter a general description for the new scope.

  4. On the New Scope Applies to page, do the following:

    1. Use the filter to define which users should have this scope. Select or enter the properties, and then click to add the filter.

      • Select entitlements if Any or All conditions are met: Select either Any or All.

      • Select a property: Values include:

        • _id

        • accountStatus

        • city

        • cn

        • country

        • descriptions

        • frIndexedDate[1-5]

        • frIndexedString[1-5]

        • frUnindexedDate[1-5]

        • frUnindexedString[1-5]

        • givenName

        • mail

        • password

        • passwordExpirationTime

        • passwordLastChangedTime

        • postalAddress

        • postalCode

        • profileImage

        • sn

        • stateProvince

        • telephoneNumber

        • userName

      • Connector: Values include:

        • contains

        • does not contain

        • is

        • is not

        • starts with

        • ends with

      • Attribute Value: Enter an attribute.

    2. Click Next to continue.

  5. On the New Scope Access page, do the following:

    1. Select the applications, entitlements, and/or roles that users are allowed to access:

      • Applications: Select one of the following:

        • All Applications

        • Applications matching a filter. The page displays a filter to match the applications.

      • Entitlements: Select one of the following:

        • All Entitlements

        • Entitlements matching a filter. The page displays a filter to match the entitlements.

      • Roles: Select one of the following:

        • All Roles

        • Roles matching a filter. The page displays a filter to match the roles.

    2. Click Save. The Scopes page displays the new scope.
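
To check who a filter would place in a scope before activating it, the following added example (not ForgeRock code) models the Any/All choice and the connectors locally. The function names, the sample users, case-sensitive matching, and treating a missing property as an empty string are all assumptions.

```python
# Added illustration: a local model of a scope "applies to" filter.
# Assumption: exact, case-sensitive string comparison; the product's own
# matching rules are not described on this page.
CONNECTORS = {
    "contains": lambda actual, value: value in actual,
    "does not contain": lambda actual, value: value not in actual,
    "is": lambda actual, value: actual == value,
    "is not": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "ends with": lambda actual, value: actual.endswith(value),
}

def rule_matches(user, rule):
    prop, connector, value = rule
    if connector not in CONNECTORS:
        raise ValueError(f"unknown connector: {connector!r}")
    # Assumption: a missing property is treated as an empty string, so
    # negative connectors ("is not", "does not contain") match such users.
    actual = str(user.get(prop, ""))
    return CONNECTORS[connector](actual, value)

def scope_applies(user, mode, rules):
    if mode not in ("Any", "All"):
        raise ValueError("mode must be 'Any' or 'All'")
    if not rules:
        return False  # Assumption: an empty filter matches nobody.
    results = (rule_matches(user, r) for r in rules)
    return any(results) if mode == "Any" else all(results)

def users_in_scope(users, mode, rules):
    return sorted(u["userName"] for u in users if scope_applies(u, mode, rules))

# Constructed sample users (not real data).
USERS = [
    {"userName": "alice", "country": "US", "mail": "alice@example.com", "accountStatus": "active"},
    {"userName": "bob", "country": "US", "mail": "bob@contractor.example.net", "accountStatus": "active"},
    {"userName": "carol", "country": "FR", "mail": "carol@example.com", "accountStatus": "inactive"},
]
RULES = [
    ("country", "is", "US"),
    ("mail", "ends with", "@example.com"),
    ("accountStatus", "is not", "inactive"),
]

if __name__ == "__main__":
    print("All:", users_in_scope(USERS, "All", RULES))
    print("Any:", users_in_scope(USERS, "Any", RULES))
```

With the same three rules, All selects only alice while Any selects every sample user, which is why the Any/All choice deserves a review against least privilege before the scope is activated.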

Edit scopes

  1. On the Identity Cloud admin UI, click Governance > Scopes.

  2. On the Scopes page, click the ellipsis for a policy, and then click Edit to change any aspect of a scope.

    1. Click Save to keep your changes.

    2. Click Deactivate to disable the scope, or click Activate to enable the scope for use.

    3. Click Remove to remove the rule from the policy.

Copyright © 2010-2024 ForgeRock, all rights reserved.