Identity Cloud

Assign roles to users dynamically


Description

Estimated time to complete: 10 minutes

In the use case Create test users and roles, you created two users and a role and then assigned the role to the users. In this use case, you are going to:

  • Assign an inactive status to one of the users

  • Add a condition to the role so that it applies only to active users

Goals

After completing this use case, you will know how to:

  • Change the properties of a user

  • Add a condition to a role

Prerequisites

Before you start, make sure you have:

  • A basic understanding of these ForgeRock concepts:

    • Identity Cloud admin UI

    • Identity Cloud End User UI

  • Completed the use case in Create test users and roles

Tasks

Task 1: Assign an inactive status to a user

In this task, you select one of the users you created in Create test users and roles and change their status to inactive.

  1. In the Identity Cloud admin UI, go to Identities > Manage > Alpha realm - Users.

  2. Click on the user acruse.

  3. On the user details page, change the Status from the default value active to inactive and save the change.

Task 2: Add a condition to a role

In this task, you create a condition so that the role applies only to active users.

  1. In the Identity Cloud admin UI, go to Identities > Manage > Alpha Realm - Roles.

  2. Click on the employee role and then click on Settings.

  3. In the Condition panel, click on Set up to create the following condition for the role and save the condition:

    Field                                          | Value
    A conditional filter for this role             | Enable
    Assign to alpha_user if Any conditions are met | Any
    Alpha_user properties                          | Status
    contains                                       | is
    Blank                                          | active

  4. (Optional) Click on Add Rule to add another condition and take a moment to browse the other conditions that can apply to roles.

Check in

At this point, you:

  • Made a user inactive

  • Added a condition to a role

Validation

In Create test users and roles, you created the employee role and manually assigned it to braman and acruse. To validate this use case, make sure the role is no longer assigned to acruse.

  1. In the Identity Cloud admin UI, go to Identities > Manage > Role Members.

  2. Make sure braman is in the list but acruse is not.

  3. Change the status of braman to inactive and acruse to active, then make sure acruse is in the list but braman is not.
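
Why Task 2 changes the operator to is: the following sketch, added here and not ForgeRock code, models the role condition locally and replays the validation steps against the two test users. It assumes that "is" means exact equality and "contains" means substring match; the record layout, the status key and all function names are hypothetical.

```python
# Added example: a local model of a conditional role, not ForgeRock code.
# Assumption: "is" is exact equality and "contains" is a substring match.
OPERATORS = {
    "is": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
}

def matches(user, rules, mode="Any"):
    """Return True if the user satisfies the rules under Any/All semantics."""
    if not rules:
        return False  # fail closed: an empty condition grants the role to nobody
    results = [
        OPERATORS[op](str(user.get(prop, "")), value) for prop, op, value in rules
    ]
    return any(results) if mode == "Any" else all(results)

def role_members(users, rules, mode="Any"):
    """Sorted user names that currently satisfy the role condition."""
    return sorted(u["userName"] for u in users if matches(u, rules, mode))

def swap_statuses(users):
    """Validation step 3: flip every user's status, returning new records."""
    flip = {"active": "inactive", "inactive": "active"}
    return [{**u, "status": flip[u["status"]]} for u in users]

# Constructed sample data: the two test users after Task 1.
USERS = [
    {"userName": "acruse", "status": "inactive"},
    {"userName": "braman", "status": "active"},
]

# The condition from Task 2, and the same rule with "contains" instead of "is".
CONDITION_IS = [("status", "is", "active")]
CONDITION_CONTAINS = [("status", "contains", "active")]

if __name__ == "__main__":
    # Validation step 2: only the active user holds the role.
    print("is:", role_members(USERS, CONDITION_IS))
    # "inactive" contains the substring "active", so the inactive user matches.
    print("contains:", role_members(USERS, CONDITION_CONTAINS))
    # Validation step 3: membership follows the status change.
    print("after swap:", role_members(swap_statuses(USERS), CONDITION_IS))
```

Under these assumptions, a rule written with contains would keep the role on acruse, because the string inactive contains active.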

Explore further

Reference material

Reference               | Description
Roles                   | Information about roles
Grant roles dynamically | Information about how to assign roles over REST

Copyright © 2010-2024 ForgeRock, all rights reserved.