Managing Identity Attributes
    • 10 Sep 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF

    Managing Identity Attributes

    • Dark
      Light
    • PDF

    Article summary

    When building Policies and assigning them to Dynamic Groups, it is common to use Identity Attributes (such as Department, Title, etc.) as a way of determining who will be granted or denied access to an Asset. You can manage the Identity Attributes on the Identity Workspace Settings screen and then apply them in an Authorization Workspace.

    The Platform includes some predefined Attributes. You can also add new Attributes at any time. Attributes are configured with some general parameters (such as Key, Display Name, Description, and whether the Attribute is Active), as well as parameters related to how the Attribute is used (whether it can be included in Policies, in Access Requests, etc.).

    When creating a new Attribute, the JSON Path parameter can be used to define the path from which the Platform can extract Identity Attribute values from the Authorization JWT. For more information, see Authorization APIs.

    Creating a New Attribute

    Attributes can be added to help create more fine-grained Policies. When you are ready to use the Attribute, verify that you have enabled the Can be Used in Access Request field in the Identity Workspace Settings screen. Note that Attributes are specific to the Identity Workspace in which it is created and not shared with other Workspaces.

    To create a new Identity Attribute:

    1. In an Identity Workspace, open the Settings Settings screen, and click Identity Attributes. The Attributes List opens, displaying all currently defined Attributes.
    2. Click New Attribute.
    3. In the General section:
      1. Enter the Key used to identify the new Attribute (required).
      2. Enter the Display Name. This is the name that will be visible in the Attributes list. At this point, the new Attribute will already appear in the Attributes list.
      3. Set the Status slider to Active or Inactive.
      4. In the Attribute Description field, enter details or information about the Attribute (optional).
    4. In the Attribute Usage Settings section:
      1. Set whether the new Attribute is Available for Policies.
      2. Set whether the new Attribute Can be used in Access Requests.
      3. Specify the Request Name.
      4. Define the JSON Path.
      5. Select whether the Attribute Type requires a String or Numeric value.
    5. Click Create to create the new Attribute.

    Changing the Active Status of an Attribute

    By default, new Attributes are given the status of Active. You can change this status to Inactive as needed.

    To activate or deactivate an Attribute:

    1. In the Identity Workspace Settings screen, click Identity Attributes. The Attributes List opens, displaying all currently defined Attributes.
    2. Locate the Attribute you wish to activate or deactivate and click Edit.
    3. In the General section, click the Active slider. Blue indicates the Attribute status is Active. Gray indicates the Attribute is Inactive.
    4. Click Save.

    Was this article helpful?