Users
Users allow administrators to define how various objects are viewed in most modules and searches; module-specific settings may override these configurations.
 |
If User Base DN is unknown, clicking the magnifying glass generates the LDAP directory tree.
If the User filter is unknown, clicking the magnifying glass generates the LDAP criteria builder.
Groups
Groups control how group objects are viewed in most modules and searches; module-specific settings may override these. The magnifying glasses in this content area functions identically to Users.
 |
Field Name | Description |
|---|---|
Name Attribute | The attribute from the global attribute list that is used to display group names. |
Description Attribute | The attribute from the global attribute list that is used to display group descriptions, usually as tooltips. |
Groups Base DN | DN of the top level groups container. The built-in object browser makes finding the value required for this field easier. |
Group Object Class | The object class used for groups in your directory. |
Group Base Filter | The filter used to find groups that are visible to RapidIdentity Portal. |
Support Nested Groups | Allows groups to contain other groups as members. This is a powerful feature, however, enabling this functionality will impact performance resulting in slower lookup operations for all groups. |
Groups Back Referenced on User Object | In eDirectory and OpenLDAP environments, it is possible for a user object to be a member of a group object and that membership not be reflected on the user object itself. Not accounting for this behavior can result in unexpected results. To account for this RapidIdentity Portal, by default, will always validate user group membership. For eDirectory, if your tree is managed in such a way as to ensure that all group membership is reflected in attributes on the user objects directly, enabling this option can result in a performance increase for group lookups. |
Roles
RapidIdentity uses Roles to manage access and authorization across its components and their modules.
 |
Roles maps directory groups to these roles.
The System Admin role is the only global role and defines what users can access the Configuration module in RapidIdentity Portal, RapidIdentity Connect, and RapidIdentity Folders.
This role also enables the Help Desk role in RapidIdentity Portal. The magnifying glass opens the LDAP object directory tree.
Role | Privileges |
|---|---|
RapidIdentity Connect Admin | Can see all information, create/edit/delete Action Sets, run actions, schedule jobs, manage files. |
RapidIdentity Connect Auditor | Can see all information but cannot change anything. |
RapidIdentity Connect Operator | Can see all information, run actions sets, schedule jobs, manage files, but not create/edit/delete Action Sets. |
RapidIdentity Folders Admin | Can see all information, create/edit/delete policies and templates, add users and groups to backlog, clear backlog problem queue. |
RapidIdentity Folders Auditor | Can see all information but cannot change anything. |
RapidIdentity Folders Admin | Can see all information, view policies and templates, add users and groups to backlog, clear backlog problem queue. |
RapidIdentity Portal Applications Helpdesk | Enables “Other Applications” which displays the application assignments |
RapidIdentity Portal Applications Admin | Enables “Extended” tab in Applications Module configuration. |
RapidIdentity Portal Dashboard Admin | Can see all information and can configure settings |
RapidIdentity Portal Dashboard Viewer (Executive) | Can view the Executive delegation only |
RapidIdentity Portal Dashboard Viewer (Summary & Details) | Can view the Executive tab Summary and Details delegations only |
RapidIdentity Portal Dashboard Viewer (Summary only) | Can view the Executive Summary delegation only |
RapidIdentity Portal Profiles Helpdesk | Enables “Other Accounts” tab in Profiles Module. Allows all actions on all accounts. |
RapidIdentity Portal Profiles Admin | Enables “Extended” tab in Profiles Module configuration. |
RapidIdentity Portal Reporting Admin | Can see all information, create and run reports, along with the ability to export, import, and modify reports. |
RapidIdentity Portal Reporting Viewer | Can only view Reporting module reports |
RapidIdentity Portal Role Manager | Enables “My Roles” tab. Allows for management of roles in which they are an owner or membership manager. |
RapidIdentity Portal Roles Helpdesk | Enables “Other Roles” which allows management of any group. |
RapidIdentity Portal Roles Admin | Enables “Extended” tab in Roles Module configuration. |
RapidIdentity Portal Sponsorship Helpdesk | Enables “Other Sponsorships” tab in Sponsorship module. Allows all actions on all sponsored accounts. |
RapidIdentity Portal Sponsorship Sponsor | Enables “My Sponsorships” tab in Sponsorship module. Allows creation and all actions on authenticated user's sponsored accounts. |
RapidIdentity Portal Sponsorship Admin | Enables “Extended” tab in Sponsorship module configuration. |
RapidIdentity Portal Workflow Help Desk | Enables “Other” tabs within “Dashboard”, “Requests”, “Approvals”, and “Re-attestations”. Allows all actions on all workflow requests. |
RapidIdentity Portal Workflow Admin | Enables “Extended” tab in Workflow module configuration. |
System Admin | Enables access to the Configuration module and provides Help Desk role for RapidIdentity Portal. |
Note
On initial configuration, the only role visible is System Admin. Roles for other RapidIdentity components are visible after their installation.