LogoLogo
3.0.0
3.0.0
  • Getting Started
    • What is Cymmetri?
    • Release Notes
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Configuration
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Dynamic Forms
        • Configuring Connector Server
      • Provisioning How to
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Insights
      • Reports
      • Risk
    • Access Certification
      • Setting up and managing Access Reviews
  • Self-Service App
Powered by GitBook

Cymmetri.com

On this page

Was this helpful?

Export as PDF
  1. Lifecycle Management
  2. Application Management
  3. Rules

Provisioning

Was this helpful?

In any Identity and Access Management (IAM) system, provisioning rules are predefined instructions or policies that dictate how user accounts and access privileges are automatically created, modified, or deactivated across various IT systems and applications.

These rules streamline the process of managing user identities and access rights throughout their lifecycle within an organization.

In Cymmetri, administrators have the ability to establish these rules within the "Rules" tab under the Lifecycle Management module. To do so, the administrator navigates to the "Provision" section, where the following page will be displayed.

On this page, administrators can view a comprehensive list of all the currently established rules within Cymmetri, along with an "Edit" button that allows them to make modifications to these rules.

On the top right corner of the page the admin can find the Add new button to add a new provisioning rule in Cymmetri.

To add a new rule you must do the following:

  • Add the name of the rule

  • Add Description of the rule

  • Select whether any condition should be applied to the rule

  • Activate the rule and save

Once the rule is saved, it will be included in the main listing. To define or modify the rule, click on the "Edit" button corresponding to the record.

The initial step involves defining the rule by specifying the application and the corresponding roles that will activate the rule.

If necessary, roles can be created for the application directly within the provisioning rule before adding them.

Note: Multiple application and roles can be added in a single provisioning rule

The next step is to add the condition upon which the rule will be activated within the system.

To add a condition navigate to the conditions section and click on Add new condition button.

You can set up multiple conditions for the rule. For example, in the rule below, the conditions are that the user must be an "employee," and their department should be "Sales."

Note: Only the active conditions will be executed for the rule to trigger while provisioning.

If required these conditions can be added, deleted or modified.

These rules automate and streamline the process of managing user accounts and access privileges across various systems and applications within an organization.