Use Case: Assign Users to Access Role

Follow

Contents

Assign Users to an Access Role

Upon account creation, we want to automatically grant a set of new Okta users access to specific Group Permissions in our BetterCloud instance.

This task can be automated with a Workflow if the custom Role has been preconfigured in your BetterCloud instance. When the ‘User Added to Group’ Okta alert has triggered, and the user is also added to the ‘Groups Management in BetterCloud’ group during or after creation, the Workflow will add the user to the custom ‘Groups Management Role” in BetterCloud and the IT Team will be notified via email.

Please note: this access to BetterCloud will only be granted into the newer platform (app.bettercloud.com). Custom Role-Based Privileges must be configured in BetterCloud and users can only access app.bettercloud.com if they are assigned to a role. These roles must be managed in BetterCloud separately from Google Admin Roles in admin.google.com and Access Controls in g.bettercloud.com.

Screen_Shot_2018-12-31_at_11.18.41_AM__1_.png

Create a Role

Begin by creating a new custom Access Role specifically for these users in the new BetterCloud platform.

  • Here we are omitting the “delete” permission in the role to prevent accidental data loss and all group deletions will go through a Super Admin.

Screen_Shot_2018-12-28_at_1.15.16_PM.png

Then proceed with scheduling their timed access by day and time:

unnamed__4_.png

1. ‘User Added to Group’ Okta Alert

The threshold of the ‘User Added to Group’ Okta system Alert is pre-configured to 0 in the Workflows Builder and cannot be updated in the Alerts Manager section of the platform. This alert will only trigger once the additional conditions within the Workflow have been met.

unnamed__5_.png

2. IF the Group Is....

Select the 'Group' in your Workflow's IF condition in order to target the user that is specifically moved into the Group created for the Groups Management Role in BetterCloud.

Screen_Shot_2018-12-31_at_11.22.08_AM__1_.png

Here is an example below of how adding the group to the user’s account in Okta appears during the creation process.

Screen_Shot_2019-01-04_at_11.00.54_AM.png

In order to add a user to the Okta ‘Groups Management in BetterCloud’ group in your BetterCloud Workflow, the Group will need to be an ‘Okta Group’ for selection. You cannot add members to ‘App Groups’ within Okta and they can only be viewed within the BetterCloud Group Directory grid.

unnamed__7_.png

3. Add User to Access Role

Next, add the “Add User to Access Role” action to your Workflow, target the user added to the Okta group, and select the preconfigured BetterCloud Access Role. Groups Management role will give the users added to the ‘Groups Management in BetterCloud’ Okta group Create, Edit, and View access to Groups in the new BetterCloud platform.

unnamed.gif

4. Send Email to Group

And, lastly, add the “Send Email to Group” Google action to notify the IT Group that this user was assigned to the Groups Management role within BetterCloud.

  • Use the To field of the Send Email to Group action to target the “IT Group”. And the Subject and Body fields to create a custom notification that will be sent automatically when a new Okta user is added to the Groups Management Role.

Screen_Shot_2018-12-31_at_11.24.49_AM__1_.png

BetterCloud Reference Articles

Google Related Articles

Other Related Articles

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request