You can add users as members to groups that delegated administrators create and manage. You can also add subgroups as members to a group.
The configuration for each delegated group type consists of the following elements:
- Group REST resource type
- Defines the attributes to locate groups in the directory information tree (DIT).
- Parent DN or Parent resource type
- Specifies the location in which to create groups in the DIT.
- To specify a parent distinguished name (DN) for a resource type, enter the
value in the Parent DN text box in the
Resource Creation section. The parent DN is often
identical to the search base DN, such as
ou=customers,ou=Groups, dc=example,dc=com
. - To specify a parent resource type, select a value from the Parent
Resource Type list in the Resource
Creation section. Delegated administrators are subsequently
presented with a list box that lets them select a resource, and the group is
created under the selected parent resource. If you specify a parent resource
type, set a value for the Primary Display Attribute Type
in the Delegated Admin section. This setting determines
the values that are displayed in the Delegated Admin GUI. For example, a primary
display attribute type of
ou
displays theou
value in the list box for each resource within the parent resource type.
- To specify a parent distinguished name (DN) for a resource type, enter the
value in the Parent DN text box in the
Resource Creation section. The parent DN is often
identical to the search base DN, such as
- Attributes
- These attributes are presented to the delegated administrators.
To configure a group REST resource type, go to
page in the PingData Administrative Console.When creating or editing a REST resource type, the Search Base DN field in the General Configuration section determines the data structure that is searched in Delegated Admin, and the Display Name field in the Delegated Admin section specifies the label of the REST resource in the Delegated Admin GUI.
PingData Administrative Console | Delegated Admin GUI | |
---|---|---|
UI field | Window and section | UI field on New Group page |
Display Name | Delegated Admin section. | . Create or edit a REST resource type, and then go to theSelect a Type label |
REST Resource Type | New Delegated Admin Resource Rights. | . Create or edit Delegated Admin rights, and then clickSelect a Type option |
Parent Resource Type | Resource Creation section. | . Create or edit a REST resource type, and then go to theDisplay name for parent resource type |
Display Name | Delegated Admin Attributes section. Click New Delegated Admin Attribute. | . Create or edit a REST resource type, and then go to theAdditional fields such as CN, Description, Business Category, and Organization |