Previous Topic: Test a New PolicyNext Topic: Create an Access Filter

Administration GuideCustom Roles and PoliciesConfiguring Custom User Roles and Access PoliciesCreate a Dynamic User Group Policy

Create a Dynamic User Group Policy

A dynamic user group is composed of global users that share one or more common attributes. A dynamic user group is created through a special dynamic user group policy where the resource name is the dynamic user group name and membership is based on a set of filters configured on user and group attributes.

You can create a dynamic group composed of Users, Application Groups, Global Groups, or Dynamic Groups. For example, you can create a dynamic group of Global Groups or Application Groups based on Name, Description, or Group Membership. Or, you can create a dynamic group of Users with different roles based on a common attribute in their global user profile, for example:

Only Administrator can create Dynamic User Group Policies.

To create a dynamic user group policy

  1. Click the Administration tab and the User and Access Management subtab.
  2. Click Access Policies.
  3. Click New Dynamic Group Policy.

    The New Dynamic Group Policy page appears.

  4. For Name, enter a group name that indicates what this group of users has in common. Optionally, enter a description.
  5. Select a policy type. The default is Access Policy.
  6. Select Identities as follows:
    1. For Type, select User, Application Group, Global Group, or Dynamic Group and click Search Identities.
    2. For Attribute, Operator, and Value, enter the expression that sets the criteria for membership in this group and click Search.

      For example, if you selected User, you could enter Job Title Like Manager and click Search to find all of the users who have the job title of Manager.

    3. Select from the displayed identities those who are to be members of this dynamic group and click the Move arrow to move your selections to the Selected Identities box.
  7. For Actions, select belong.
  8. In the Add resource field, enter the value you entered in the Name field and click the Add button. This indicates that the selected identities belong to the dynamic group resource you just created.
  9. Optionally, add more filters.
  10. Click Save.
  11. Click the Dynamic User Group Policies link and verify the new dynamic user group you created. For example:

    Dynamic user group policies assign specified identities to the dynamic group you specify as the resource.