Enhancement: Role Membership Assignment Criteria in Access Modeling

Announcements Product News
, , ,
1

Description

We’ve made it simpler to turn AI-discovered roles into actionable, dynamic roles in Identity Security Cloud. Instead of manually exporting and rebuilding roles from Access Modeling, you can now seamlessly transition them to the Role Create page to refine membership criteria, add metadata, and apply dynamic access controls. This enhancement saves time, reduces manual effort, and improves role maintainability, ensuring that AI-generated roles align with your organization’s governance needs from the start.

Problem

Customers using Artificial Intelligence (AI) to discover roles previously needed to export a role from Access Modeling and manually recreate it in Identity Security Cloud (ISC) to add logic. For example, creating a role like “Engineering Department” to automatically assign it to new employees required additional steps. This process limited the ease of role creation and adoption of Access Modeling.

Solution

Customers can now discover roles with Access Modeling and finish creating that role in the ISC Role Create page, allowing them to enrich the role with membership criteria, metadata, and dynamic access capabilities. Once the user is confident with their role composition (identities & entitlements), they are then taken to the ISC Role Create page instead of creating the role directly in Role Discovery.

This enhancement streamlines the AI-assisted role creation process. Customers no longer have to export AI-discovered roles and then manually build them in ISC to add logic to them. In addition, AI-discovered roles can be created to be much more maintainable than before by applying membership.

Overview

From the Role Insights page, users can either click into the Auto-Discovered Roles tile or manually scope a population on which to discover roles. Once they decide to to create a role, the user is taken to the Define Assignment tab in the Role Create/Edit page they are already familiar within ISC. They can finish creating the role as they are used to, including assigning role membership criteria.

Users can find a role via Auto-Discovered Roles tile or Role Discovery, then click on Create Role to proceed.

Composition
Composition1668×854 54.1 KB

Users enter the Name and Owner in the slider, then click Create Role at the bottom.

Create a New Role
Create a New Role1665×966 75.6 KB

The user is directed (by default) to the Define Assignment page. From here, they can finish creating the role.

Define Assignment
Define Assignment1663×964 60.6 KB

Who is Affected

This feature caters to any users that create roles for their organization, typically admins and sub-admins.

It is available to all IDN/ISC Access Modeling users. IIQ customers are not affected by this feature.