Who is affected?
All Non-Employee Risk Management tenants connected to Identity Security Cloud for Authentication.
What’s New?
We’re introducing a self-service setting that allows you to switch your NERM authentication from relying on SAML claims (group information) coming from your Identity Provider (IDP) to utilizing the entitlements assigned to users directly within ISC. This change is essential if you are using, or plan to use, the new NERM Users Connector in ISC to manage your NERM users and their access.
Why is this important?
Previously, NERM user roles were mapped to LDAP groups, and NERM relied on the group information included in the SAML claims from your IDP to determine user access.
The new NERM Users Connector allows you to manage NERM users and their access directly within ISC, using established lifecycle and governance processes. This means you can assign NERM roles to users by assigning entitlements in ISC, providing a more granular and controlled approach.
How does it work?
We’ve added a new “ISC AUTHENTICATION” tab within the “Authentication” section of the “System” admin menu in NERM. This new tab includes a toggle button labeled “Identity Security Cloud role assignment management using entitlements.”
- When to Enable the Toggle: You should enable this toggle only after you have fully configured the NERM Users Connector in ISC and have begun assigning entitlements to your NERM user accounts to manage their NERM user roles.
- What Happens When Enabled: When enabled, NERM will ignore the group information coming from your IDP and will only look to the entitlement assignments in ISC to determine user roles. Additionally, the “Directory Groups” section of the Lifecycle > User Roles admin menu will be greyed out, preventing modifications to group string configurations for roles.
- What Happens When Disabled: When disabled, NERM will continue to rely on group information from your IDP to determine user roles.
- Default Setting: For existing tenants, this toggle will default to “OFF.” For all new tenants, this toggle will default to “ON.”
Benefits of using ISC Entitlements for Role Management:
- Centralized Management: Manage all your NERM user access directly within ISC.
- Improved Governance: Leverage ISC’s governance features for better control and auditing of user access.
- Simplified Administration: Streamline user role assignment and reduce reliance on LDAP group management.
How to get started:
- Ensure you have the new NERM Users Connector enabled and configured in ISC.
- Begin assigning entitlements to your NERM users in ISC to manage their NERM user roles.
- Navigate to the “Authentication” section of the “System” admin menu in NERM.
- Select the “ISC AUTHENTICATION” tab.
- Enable the “Enable Role management through ISC Entitlements” toggle.
Important Considerations:
- Do not enable this toggle until you are actively managing NERM user roles via entitlements in ISC. Enabling the toggle prematurely may result in users losing access to NERM.
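One way to check readiness before enabling the toggle, as an added example that is not SailPoint code: compare the roles each user gets today from IDP group claims with the roles they would get from ISC entitlements alone. The data structures, role names, group strings and the exact-match group comparison are all assumptions; the sample data is constructed and would be replaced with your own exports.

```python
# Constructed sample data; every name and structure below is hypothetical.
# NERM role -> group strings configured under "Directory Groups" for that role.
ROLE_GROUPS = {
    "nerm_admin": {"NERM-Admins"},
    "nerm_sponsor": {"NERM-Sponsors", "NERM-Managers"},
}
# User -> groups the IDP currently sends in the SAML claim.
SAML_GROUPS = {
    "alice": {"NERM-Admins", "Staff"},
    "bob": {"NERM-Managers"},
    "carol": {"NERM-Sponsors"},
}
# User -> NERM roles assigned as entitlements in ISC.
ISC_ENTITLEMENTS = {
    "alice": {"nerm_admin"},
    "carol": {"nerm_sponsor", "nerm_admin"},
    "dave": {"nerm_sponsor"},
}

def roles_from_groups(groups, role_groups=ROLE_GROUPS):
    """Roles a user holds while the toggle is OFF (assumes exact group match)."""
    return {role for role, wanted in role_groups.items() if wanted & groups}

def cutover_report(saml_groups, isc_entitlements, role_groups=ROLE_GROUPS):
    """Per-user role differences between toggle OFF (groups) and ON (entitlements)."""
    report = {}
    for user in sorted(set(saml_groups) | set(isc_entitlements)):
        before = roles_from_groups(saml_groups.get(user, set()), role_groups)
        after = set(isc_entitlements.get(user, set()))
        if before != after:
            report[user] = {
                "lost": sorted(before - after),      # access removed at cutover
                "gained": sorted(after - before),    # access added; review it
                "locked_out": bool(before) and not after,
            }
    return report

if __name__ == "__main__":
    for user, diff in cutover_report(SAML_GROUPS, ISC_ENTITLEMENTS).items():
        print(user, diff)
```

An empty report means entitlement-based roles already match group-based roles. Any "locked_out" entry is a user who would lose NERM access when the toggle is enabled.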
Important Dates
Sandbox tenant enablement: Dec 1, 2025
Production tenant enablement: Dec 3, 2025


