000037639 - How to define a Request Button in RSA Identity Governance & Lifecycle to allow single or multiple user selection based on Application/Directory name

Document created by RSA Customer Support Employee on Jun 20, 2019Last modified by RSA Customer Support Employee on Jun 20, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000037639
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1

 
IssueThis knowledge base article describes several methods to define a Request Button in RSA Identity Governance & Lifecycle to allow single or multiple user selection based on the Application/Directory name.





 
Tasks

PART 1:  Restricting the user selection to one or multiple users.


The key here is in the example below. When defining a Request Form (in the RSA Identity Governance & Lifecycle User Interface go to Requests > Configuration > Request Forms tab > Create Form), there are two options under 'Changes apply to:'
 
One user with the following attributes: All
Multiple users with the following attributes: All


Toggle 'One user' if you want to restrict the user granting access to only choose one user from the list. Toggle 'Multiple users' if the user granting access may grant access to more than one user on the list. The 'All' attribute may be changed to some other attribute which will restrict who shows on the list. But it does not control how many users may be selected from the list.
 
User-added image

 

PART 2:  Restricting the user selection to one or multiple users based on the Application/Directory name.


Create a field on the Request Form with Control Type: "Entitlement Table with Actions" and add an Entitlement Rule that defines the application/directory or applications/directories that you want associated with this form. See example below.
 
User-added image
Resolution

PART 3: Implementation


Below are some example use cases. This is not an exhaustive list.


Use Case 1:



In this use case, you have applications that require selecting a single user only and applications that allow multiple user selection. Users choose a form based on whether a single or multiple user may be selected.

Create two Global Request Forms as shown above (one that restricts selection to a single user and the relevant applications and one that allows multiple user selection and the relevant applications.) Create a Request Form Button from which either Request Form may be selected (in the RSA Identity Governance & Lifecycle User Interface go to Requests > Configuration > Request Buttons tab > New).  Under 'Include' define the two Request Forms.
 


User-added image


 


Result:



When a user clicks on the 'Grant User Access" button they can choose between Single and Multiple forms.
 


User-added image



 


User-added image

 

Use Case 2:



Allow the user to choose from a list of applications/directories rather than two different forms. In this case, create a Global Request Form as shown above for each application/directory and add each Request Form to the relevant application/directory Requests tab definition. (In the RSA Identity Governance & Lifecycle User Interface, go to Resources > Applications/Directories > [name of application/directory]  > Requests tab > Edit Request Form Associations.) Then create a Request Form Button that presents a list of applications from which to choose (in the RSA Identity Governance & Lifecycle User Interface go to Requests > Configuration > Request Buttons tab > New). Under 'Include:' define each application/directory Request Form.



User-added image


 


User-added image

User-added image
 

 

User-added image

 

Result:



User-added image



Use Case 3:



If there are very few applications/directories that need only one user at a time chosen, you can create a Global Request Form as shown above for just those applications/directories (one for each) and associate the Request Form within the Application/Directory Requests tab. (In the RSA Identity Governance & Lifecycle User Interface, go to Resources > Applications/Directories > [name of application/directory]  > Requests tab > Edit Request Form Associations.) Then use a default application/directory form for the other applications/directories and create a Request Form Button that presents a list of applications/directories or default forms from which to choose.

Create the individual Global Request Forms as shown above for each application/directory that requires a single user selection. For the remaining application/directories that allow multiple user selections, create two Request Forms: one of type "Application" and one of type "Directory" and define them in the Requests Configuration as the default Application Form and default Directory Form respectively. (In the RSA Identity Governance & Lifecycle User Interface, go to Requests > Configuration > Settings.) Instead of defining the applications/directories in a field in the Request Form, simply define the application/directories in the Request Button definition under 'Include:' Applications:' and 'Directories.'

 

User-added image


User-added image


User-added image

 

User-added image

 

Result:



  User-added image

Attachments

    Outcomes