Configuring user access control for PingOne Directory
Before you begin
To set up your PingOne Dock, you must have the following:
-
A PingOne account
If you don’t have a PingOne account, register at https://admin.pingone.com/web-portal/register.
-
A connection between PingOne and an identity provider (IdP)
For more information about IdPs and connecting to them, see Connecting to an identity repository.
About this task
|
These steps apply only if you are using the PingOne Directory. For all other identity providers, see Configuring user access control for a third-party identity provider. |
PingOne uses user groups to control user access to applications. As an administrator, you create user groups, manage the group’s application permissions, and add or remove users to grant or limit their access to those applications.
For users to see application icons in their dock, at least one application must be mapped to a group.
Steps
-
In PingOne, go to Users → User Directory → Groups.
-
Click Add Group.
Result:
The New Group form opens.
-
In the Name field, enter a name for this group.
-
On the Directly Applied Role line, grant user directory access to this group.
Choose from:
-
To prevent users in this group from viewing or modifying the user directory, click No Access.
-
To allow users in this group to view user and group directory information, click User Reader.
-
To allow users in this group to create and modify user directory information, and to view group directory information, click User Manager.
-
To allow users in this group to create and modify user directory information, create and modify groups, and change group membership, click Group and Entitlement Manager.
-
-
Click Save.
Result:
The new user group appears in the Groups list.
-
Go to Users → User Directory → Users.
-
For each user that you want to add:
-
Click Edit.
-
Under Memberships, click Add.
-
In the Add Group Membership form, select the check box for each group to add the user to.
-
-
Go to Applications → My Applications.
-
For each application you want to grant group access to:
-
Click the name of the application to expand it.
-
Click Edit.
-
Click Continue to Next Step on each tab until you reach the Group Access tab.
-
To grant group access to this application, click Add.
Troubleshooting:
Empty groups do not appear in the Group Access list. If your group does not appear in the list, see step 7 to add users.
-
-
Click Continue to Next Step.
-
Click Finish.