Create Dynamic Rules for Access Groups
5 min read
By: Tim Brantner
Users and admins can now dynamically create access rules
We’re excited to tell you about a new feature inside the IBM Cloud Platform that allows users or admins to dynamically create access rules based on identity information shared from their Enterprise Identity Provider. This means you can create dynamic rules to add federated users to your access groups based on pre-defined or identity attributes that you personally tailor for your environment.
How it works
When your users log in with a federated ID, the data from their identity provider dynamically maps your users to an access group based on the rules that you set. This can happen because users already have specific identity information within your company’s domain. When they log in with a federated ID, this data can be passed through using SAML assertions. For example, there might be a SAML assertion attribute for designating if a user is a manager or not; this can be used to add all users who are managers to a specific access group. Previously, a user or admin had to manually add users to a group. Now, federated users can be added to a group more naturally and dynamically. Note: Only users who are already invited to the account can be mapped to access groups using dynamic rules.
Start creating dynamic rules
Go try it out for yourself! Follow these simple steps to begin creating dynamic rules for access groups:
Pick or create a group
Click the “Dynamic Rules” tab
Click “Add Rule” button
Alternatively, you can follow the clear steps lined out in our documentation along with details on each required field here. Either way, we are looking for your feedback on this feature. Please use the “Feedback” button on the Access Groups page in the IBM Cloud Platform to let us know what you think about this feature.