Skip to content

Managing Collaboration User Roles

Collaboration user roles define the permissions and level of access granted to a portal user within Non-Employee.

Collaboration user roles are assigned to portal users to grant them access to parts of your Non-Employee tenant. Lifecycle roles can't be applied to portal users, and collaboration roles can't be applied to lifecycle users.

Collaboration roles are assigned to portal users within the Collaboration Account Action in workflows, or automatically based on the groups or entitlements they have on your identity provider.

Creating Collaboration Roles

Before you can grant portal users access to your site, you must create one or more collaboration roles.

  1. Go to Admin > Collaboration > User Roles.

  2. On the Portal Group Roles page, select + Role.

  3. On the Create Portal Role page:

    • Enter a unique name for the role.

      The UID is generated automatically based on the name. This can be modified during the role's creation, but it can't be edited later.

    • In the Directory groups field, enter the complete and exact names of one or more groups from your identity provider.

      Portal users with one or more of these groups, that have access to the portals associated with this role, will be granted this role and the access that comes with it.

  4. In the Portals column, choose which portals this role applies to.

    Only users with access to the portals you select here can be assigned this role.

  5. Select create.

    The INFO tab of the role is displayed.

  6. Select the PERMISSIONS tab. Choose the permissions you want users with this role to have.

    • In the Attributes section, choose whether users with this role can view attributes on a profile, edit them directly on that profile, or whether they should have no access to those attributes.
    • In the Workflows section, choose which workflows users with this role should be allowed to execute on the profiles they're assigned to. Users with this role who don't have permission to execute workflows can still approve or deny requests associated with the workflow, complete fulfillment tasks, and contribute to the workflow in other ways.

Note

If a portal user has more than one role, including default roles, the permissions applied to each portal user for a profile type are cumulative.

Editing Collaboration Roles

You can view and edit the collaboration roles in your system.

  1. Go to Admin > Collaboration > User Roles.

    In the PORTAL GROUP ROLES page, you can see the active and archived portal roles in your tenant.

  2. Make any necessary changes to the roles on the list.

Review the possible changes you can make below.

Update Roles in Bulk

You can make some changes to the roles in your tenant in bulk.

  1. Select the checkbox beside the roles you want to edit.

    To select all roles, select the the checkbox next to the PORTAL GROUP ROLES header.

  2. Select the ellipsis icon next to Actions button to display the available actions.

    • Archive - Immediately deactivates the selected roles and moves them to the Archived tab.
    • Unarchive - Immediately activates the selected roles and moves them to the Active tab.
    • Export - Generates a JSON file containing the metadata about the selected roles and any related configuration. When the file has been generated, select Download to save the metadata to a local file.

Update an Individual Role

  1. Select the name of the role you want to edit.

  2. In the INFO tab, make changes to the settings of the role.

    Note

    • The Uid of a role can't be edited once the role has been created.
    • Removing a group from the directory groups list causes users with that group to lose access to the role, unless they have another group in the list.
  3. In the PERMISSIONS tab, make any necessary changes to the permissions this role grants to users.

    Users with this role will have their permissions updated when you save the role.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.