PingOne Advanced Identity Cloud

Assign roles to users dynamically

Description

Estimated time to complete: 10 minutes

In the use case Create test users and roles, you created two users and a role and then assigned the role users to the users. In this use case, you are going to:

  • Assign an inactive status to one of the users

  • Add a condition to the role so that it applies only to active users

Goals

After completing this use case, you will know how to:

  • Change the properties of a user

  • Add a condition to a role

Prerequisites

Before you start, make sure you have:

  • A basic understanding of these Ping Identity concepts:

    • Advanced Identity Cloud admin console

    • Hosted pages

  • Completed the use case in Create test users and roles

Tasks

Task 1: Assign an inactive status to a user

In this task, you select one of the users you created in Create test users and roles and change their status to inactive.

  1. In the Advanced Identity Cloud admin console, go to people Identities > Manage > people Alpha realm - Users.

  2. Click on the user acruse.

  3. On the user details page, change the Status from the default value active to inactive and save the change.

Task 2: Add a condition to a role

In this task, you create a condition so that the role applies only to active users.

  1. In the Advanced Identity Cloud admin console, go to people Identities > Manage > assignment_ind Alpha Realm - Roles.

  2. Click on the employee role and then click on Settings.

    Add new role

  3. In the Condition panel, click on Set up to create the following condition for the role and save the condition:

    Field Value

    A conditional filter for this role

    Enable

    Assign to alpha_user if Any keyboard_arrow_down conditions are met

    Any

    Alpha_user properties keyboard_arrow_down

    Status

    contains keyboard_arrow_down

    is

    Blank

    active
    Add new role

  4. (Optional) Click on add Add Rule to add another condition and take a moment to browse the other conditions that can apply to roles.

Check in

At this point, you:

Made a user inactive

Added a condition to a role

Validation

In Create test users and roles, you created the employee role and manually assigned it to braman and acruse. To validate this use case, make sure the role is no longer assigned to acruse.

  1. In the Advanced Identity Cloud admin console, go to people Identities > Manage > Role Members.

  2. Make sure braman is in the list but acruse is not.

  3. Change the status of braman to inactive and acruse to active, then make sure acruse is in the list but braman is not.

Explore further

Reference material

Reference Description

Roles

Information about roles

Grant roles dynamically

Information about how to assign roles over REST