Common Access Roles Discovery

IdentityIQ Administrators can use this functionality to determine which access should be common to nearly all identities in an organization. Common access roles are not tied to specific job functions.

Note: Only roles created using Discover Common Access will be designated as common access in AI, and only these roles will have their entitlements excluded from future Access Modeling mining sessions.

To discover a common access role:

  1. Navigate to Intelligence > Advanced Analytics.

  2. In the Search Type field, make sure Identity is selected.

  3. Enter and apply search criteria.

  4. Select the identity or identities to discover roles for.

    Note: AI Access Modeling limits the number of identities to 25,000 per population to be mined.

  5. Select the Discover Common Access Roles button.

  6. You will be redirected to the Access Modeling page in IdentityNow, using the URL that you configured in Enabling Access Modeling. If you are not already logged in to IdentityNow, you will have to enter admin credentials and authenticate.

    AI displays the potential role.

    Note: Once you are in a role mining session, you can select the Settings button at the right side of the screen to adjust settings and use the granularity slider to adjust the minimum number of identities in a group.

  7. The Potential Role page includes the following tabs:

    • On the Composition tab, use the slider to exclude entitlements beyond your chosen popularity threshold, then select Apply.

    • On the Exclusions tab, indicate exclusions.

    • On the Identity Overview tab, use the Show Chart dropdown to view the Identity Attributes. A list of identities shows those that would be included in this role, listed by display name, department, job title, and location.

  8. Select the Create a Role button. Alternately, you may select Save Draft if it needs additional work.

  9. On the Create a Role page, enter a name, owner, and description to create it. This role will be excluded from future Access Modeling role mining, role insights, and Access Request recommendations.

    Select the Include Identities checkbox to indicate that you want the identities listed in the Identity Overview tab to be included in the new role when it is created.

  10. Select the Create a Role button.