Specialized Roles Discovery

Specialized Roles Discovery, part of Access Modeling, identifies user access patterns and determines potential roles, or bundles of access, that accurately align with what users actually do in an organization. IdentityIQ Administrators can use this functionality to generate roles for specific job functions, such as Accounting or Sales.

To discover specialized roles:

  1. Navigate to Intelligence > Advanced Analytics.

  2. In the Search Type field, make sure Identity is selected.

  3. Enter and apply search criteria.

  4. Select the identity or identities to discover roles for.

    Note: AI Access Modeling limits the number of identities to 25,000 per population to be mined.

  5. Select the Discover Specialized Roles button.

  6. You will be redirected to the Access Modeling page in IdentityNow, using the URL that you configured in Enabling Access Modeling. If you are not already logged in to IdentityNow, you will have to enter admin credentials and authenticate.

    AI displays a list of potential roles.

    Note: Once you are in a role mining session, you can select the Settings button at the right side of the screen to adjust settings and use the granularity slider to adjust the minimum number of identities in a group.

  7. Select a role from the list.

  8. The Potential Role page includes the following tabs:

    • On the Composition tab, use the slider to exclude entitlements beyond your chosen popularity threshold, then select Apply.

    • On the Exclusions tab, indicate exclusions.

    • On the Identity Overview tab, use the Show Chart dropdown to view the Identity Attributes. A list of identities shows those that would be included in this role, listed by display name, department, job title, and location.

  9. Select the Create a Role button. Alternately, you may select Save Draft if it needs additional work.

  10. On the Create a Role page, enter a name, owner, and description to create it. This role will be excluded from future Access Modeling role mining, role insights, and Access Request recommendations.

    • Select the Include Identities checkbox to indicate that you want the identities listed in the Identity Overview tab to be included in the new role when it is created.

  11. Select the Create a Role button.