A lot of applications have a structure like this:
- Application account
- Certain permission right
- Certain default permissions that every user needs when they have a permission group

For example: to access a Citrix application, a user might need a Citrix group publishing the application to his desktop, but also an actual application permission to use parts of this application.

Right now this can only be modeled as a technical role, but this is not user friendly. The technical roles are not sorted in applications (because they are meant to combine permissions from several applications).

I would like a possibility to add conditional permission groups to the requestable group. This can of course be accomplished by nesting the groups in (for example) AD, but this should be integrated in IGA to allow application and business owners to model their application in IGA.

A suggestion for how to accomplish this (just as an example):
Modify the business role condition/filter to also include 'permission' for membership, to allow an auto grant/revoke of an additional business role on membership of a certain permission.
