Skip to content

How to Create or Edit a Profile

A profile is a set of entitlements on a specific application. An entitlement is either a specific value for an account attribute, most commonly group membership, or a permission.Profiles are specific to one role.

IdentityIQ also supports the creation of roles based on the mining of entitlements within the enterprise. These roles typically model the IT privileges required to perform a specific function within an application or other target system. Using a configurable algorithm, IdentityIQ searches for access patterns to determine logical groupings of entitlements. For information about creating a profile using entitlement analysis, see How to Create a Profile Using Entitlement Analysis.

Use one of the following procedures to create a new profile:

Create a New Profile from the Simple View

Note

Click Simple View if you are in the advance view. The Simple View might not be available in all roles.

  1. Click Add in the Entitlements Panel.

  2. Select the application on which to apply this profile from the Application suggestion list. Enter the first few letters of an application name and select the application from the suggest list.

  3. Select an account attribute and then an entitlement from the dropdown lists.

  4. Click Save to return to the Role Editor.

Create a New Profile from the Advanced View

  1. Click Advanced View in the Entitlements Panel.

  2. Click Create in the Profiles panel of the Role Editor and select New Profile. Profiles can only be added within a role. See How to Create or Edit a Profile.

  3. Enter a description for the profile.

  4. Select the application on which to apply this profile from the Application suggestion list. Enter the first few letters of an application name and select the application from the suggest list.

  5. Add Attribute Rules and Permissions to the profile. To use the filter, see How to Create or Edit a Profile. For an explanation of the permission options, see How to Create or Edit a Profile.

  6. Click Save to return to the Role Editor.

Edit a profile

  1. Access the Entitlement panel from the Role Editor page.

  2. Edit the entitlement information.

Additional Information

From the Role Editor you can add additional profiles, edit the role, or save the role. See Role Editor Page.

Profile Attributes

Creating Profile Attribute Rules

Use the Attribute Rules function to add and combine filters to define your profiles. Apply qualifiers to attributes within filters to limit the values returned and then use grouping and AND / OR operations to create the rules that make up the profile.

Add a Filter

Create the filters that make up the attribute rules.

Field - Select an attribute value from the dropdown list. This list contains all of the attributes mapped from the selected application.

Search Type - The qualifier to associate with the value, for example equals or like.

Value - The value of the attribute.

Ignore Case - Specifies if case should be factored into the query.

Filter(s): - The Operations dropdown list enables you to specify AND / OR relationships between the filters in the list. You can use multiple layers of filter grouping containing AND / OR operations to create complex attribute rules. For example, you can create an attribute rule that returns all users who are in payroll OR human resource AND located in Chicago.

Creating Attribute Permissions

Use the permissions panel to add permissions to the profile. Permissions define rights on targets on the application. Select rights from the rights lists (for example, create, read, update, delete, execute), and specify the target attribute in the Target field. Use the Shift and Ctrl keys to select multiple rights.