RapidIdentity Product Guide

General Role Settings

The Roles Settings allows the administrator to configure specific distinguished name (DN) settings. As an Administrator, select General from the Module Settings

select_general_settings.jpg

The General Role Settings are divided into the following:

Roles Placement Base DN:

  • To configure DN settings, type the DN name or click the icon to browse for it. The search feature allows administrators to navigate and select the correct DN.

    dn_selector.jpg

Review the Configuration Module Interface Overview to configure RBAC or ABAC module visibility.

Note

The specific directory layout will likely display differently since global RapidIdentity Portal configuration determines visibility.

Upon selecting the correct LDAP entry, click OK and then modify the visible fields accordingly.

The table below describes the available configuration fields in the Roles Settings.

Field Name

Description

Roles Placement Base DN

The location in the directory where RapidIdentity Portal will store groups that are created and managed.

Enable Role Auto-Import

Allow eligible LDAP Groups to be automatically imported as Roles.

Maximum Number of Roles to Return

The maximum number of roles that will be returned by a search."

Allow Distribution List Creation

Allows the 'Distribution List' type when creating a backing LDAP Group. Only applies to RapidIdentity Portal instances using Active Directory.

Enable Role Auto-Synchronization

Enables periodic automatic updates of Role Membership.

Preload Roles

Determines if groups are loaded when a Roles tab is loaded or only when the search button is pressed.

Enable Wildcard (*) Searches

Enables or disables the ability to do wildcard searches in any section.

Write Samaccountname Value to Role

If selected, the group name will also be written to the SAMAccountName attribute. (Active Directory Users Only). The Role name will also be used as the sAMAccountName of the backing LDAP Group.

Access Control

This is a module visibility ACL that specifies who has access to the Roles module. The administrator can select the module to be attribute-based, role-based, or have it accessible to all by selecting None. Only users who meet the ACL requirements are allowed to access the Roles module, in terms of being displayed and allowed to be utilized.

Create Role

When selected, this offers the ability for users to create a role.

Update Role Info

When selected, this offers the ability to update the Role description.

Update Role Membership

When selected, this enables manual syncing of Role membership.

Delete Role

Allows the role to be deleted.

Sync Role

Allows the role to be synchronized.

role_settings_2.jpg