How to Limit QuickLinks Accessibility to Defined User Sets in SailPoint IdentityIQ

QuickLinks are objects in IdentityIQ that enable you to place customized links on the IdentityIQ Home page and in the QuickLinks menu that is available on every page. QuickLinks are defined when IdentityIQ is deployed and are based on the needs of your enterprise. You can determine the behavior and availability of these links for different users. For example, IdentityIQ can be set up to limit access based on user capabilities, rights, or workgroup membership.

Three objects control links. QuickLink objects define the links, the DynamicScope object controls who can view those links, and the QuickLinkOption object references the first two to create the QuickLinks within the product.

Occasionally, we have customers who would like to use custom menus that are only available to a certain set of users based on account privileges. Today’s guide will walk you through how, in IdentityIQ, we can limit the visibility and accessibility of some custom menus (QuickLinks) to specific accounts (people) only. To achieve this, we’ll examine how to use QuickLinks, DynamicScopes, and IdentitySelector.

There are a few out-of-the-box QuickLinks available, or you can create custom QuickLinks. <QuickLinks> are available to users depending upon the <DynamicScopes> declared inside the <QuickLinks> object.

We can modify <DynamicScopes> using <Selector> and <IdentitySelector> to filter the identities of interest, so that the <QuickLinks> appear and are accessible for those users only.

Inside <IdentitySelector> we can use the following objects, each of which is a different way to filter identities:

·  CompoundFilter
·  MatchExpression
·  PopulationRef
·  RuleRef
·  Script

QuickLinks Accessibility Scenarios

1) The QuickLink is accessible to the user(s) belonging to a specific application’s group, where the application name is “LDAP”


2) The QuickLink is accessible to the user(s) who have the “ApplicationAdministrator” capability


3) The QuickLink is accessible to any user in the “Austin” population


4) A rule is used to determine whether users have access to this QuickLink. If the Rule IdentitySelector returns “true,” the logged-in user meets the criteria and can see the associated QuickLink.


5) If the logged-in user meets the script’s criteria, the Script IdentitySelector returns “true” and grants the user access to the associated QuickLinks.
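As an added illustration (not the original post's XML), scenarios 1 to 3 could be written as three DynamicScope objects in an import file like the one below. The scope names, the group DN and the `groups` attribute name are constructed placeholders, and the element layout is an assumption about IdentityIQ's object XML that should be compared with the sailpoint.dtd of the deployed version.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
  <!-- Scenario 1: members of one group on the application named "LDAP".
       The attribute name "groups" and the group DN are constructed
       placeholders; use the group attribute from the application's
       account schema. -->
  <DynamicScope name="Example LDAP Group Scope">
    <Selector>
      <IdentitySelector>
        <MatchExpression>
          <MatchTerm name="groups" value="cn=ExampleGroup,ou=groups,dc=example,dc=com">
            <ApplicationRef>
              <Reference class="sailpoint.object.Application" name="LDAP"/>
            </ApplicationRef>
          </MatchTerm>
        </MatchExpression>
      </IdentitySelector>
    </Selector>
  </DynamicScope>

  <!-- Scenario 2: identities holding the ApplicationAdministrator capability. -->
  <DynamicScope name="Example App Admin Scope">
    <Selector>
      <IdentitySelector>
        <MatchExpression>
          <MatchTerm name="capabilities" value="ApplicationAdministrator"/>
        </MatchExpression>
      </IdentitySelector>
    </Selector>
  </DynamicScope>

  <!-- Scenario 3: identities in the "Austin" population. -->
  <DynamicScope name="Example Austin Scope">
    <Selector>
      <IdentitySelector>
        <PopulationRef>
          <Reference class="sailpoint.object.GroupDefinition" name="Austin"/>
        </PopulationRef>
      </IdentitySelector>
    </Selector>
  </DynamicScope>
</sailpoint>
```

A QuickLink becomes visible to the matched identities only once it references one of these scopes, so after importing, log in as one identity inside and one outside each scope to confirm the link appears and disappears as intended.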

We hope this brief tutorial helps you better understand how simple it is to use QuickLinks, DynamicScopes, and IdentitySelector to create and deliver custom QuickLinks to a defined set of users.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.
