Skip to content

Managing Access Request Segments

You can use segments to limit specific access items to a targeted set of users. Segments represent a set of identities that have been grouped based on identity attributes. Admins can add access items to segments to make this access visible only to users included in these segments. When a user in a segment visits the Request Center, they are presented with access items defined in their segment and access items that are not included in a segment. Users who are not part of a segment can only view access items that are not part of a segment.

Creating an Access Request Segment

  1. Go to Admin > Access Model > Segments.
  2. Select New to display the Name Segment page.

  3. Enter a unique name and description to differentiate the segment from others and select Save.

The segment is now saved in the Segments list on the Access Request Segments page. You can select a segment from this list to define the segment identities and the access that's appropriate for those identities.

To edit an existing segment, select the segment name from the list on the Access Request Segments page and select Edit Segment in the details window.

Note

After a segment is created or edited, it may take about 20 minutes for changes to appear or go into effect for users, depending on other system processes. This includes, but is not limited to, the number of segments edited and identities impacted as well the type of access items included in the segment. For instance, entitlements may take longer to sync than access profiles or roles.

Defining Segment Identities

Select identity attribute types and values for identities you want to include in the segment.

  1. Go to Admin > Access Model > Segments and select the segment you want to define identities for.
  2. In the details window, select Edit Segment.
  3. Select Define Segment from the left pane.
  4. Select attributes and values from the dropdown lists.

  5. Select Add Criteria Add attribute. for each identity attribute and value combination you want to add to the segment. As you do this, the table lists identities that meet the membership criteria.

    Note

    Regardless of their segmentation, org administrators can view and submit requests for all access items and applications in the Request Center.

  6. When you are done adding identity attributes to the segment, select Save.

Defining Segment Access

Add access profiles, entitlements, and roles to the segment. These will be used to determine the access that users in the segment can request.

  1. Go to Admin > Access Model > Segments and select the segment you want to define access for.
  2. Select Edit Segment.
  3. Select Define Access in the left pane.
  4. Search for the access profiles, entitlements, and roles you want to add to the segment.

  5. Add access items to the segment:

    • Select the checkboxes next to the access items you want to include and select + Add to Segment.

    • In the Actions column, select Add to Segment Add access item. for the access items you want to include.

      Note

      You can add and save up to 50 access items to a segment at a time.

  6. To remove access items from the segment, select Remove from Segment Remove access item. in the Actions column for the items you want to remove.

  7. When you are done adding access items to the segment, select Save.

Reviewing the Segment

Review the identity attributes and access items in the segment. After you have reviewed the segment and determined that it is ready to use, you'll need to enable the segment to use it with access requests.

  1. Go to Admin > Access Model > Segments and select the segment you want to review.
  2. Select Edit Segment.
  3. Select Review in the left pane to display the identity attributes, access profiles, entitlements, and roles in the segment.

  4. To edit the segment, select the related item in the left pane.

    Important

    Select Save on each page you make changes to.

  5. When you are done reviewing, select Save to save the segment.

Enabling and Disabling Segments

After you have created and defined a segment, you must enable it to start using it with access requests. To stop using a segment, you’ll need to disable it. After you disable a segment, the identities in that segment will be able to see all requestable access items unless you’ve defined another segment to include those identities.

To enable and disable segments, use the Yes/No toggle controls from the:

  • Enabled column of the Segments list
  • Window launched after selecting a segment name from the Segments list