Adding and removing identity groups and users for Identity+ | SecurityHub

  • Updated

Product: SecurityHub
Applies to: Customer SecurityHub administrators
 

Identity+ enables your organization to stay secure and compliant when using shared/group accounts across Intralinks products. User SecurityHub administrators can create the identity groups that define which users can log in using a particular shared account.

For dynamic linking (SSO), you need to work with your IT department to configure users in your IdP (Identity Provider) with SAML assertions that match the email addresses of the shared accounts they need to access. You have the option to use either the group email address or the customer group identifier in your SAML assertions. For more information, see the "Edit IdP assertions for Identity+ dynamic linking" section in Managing SSO Connectors

Video - Identity+ configuration

Watch this video tutorial for an overview of Idenity+ and how to add and manage Identity groups. See the full steps outlined below

Icons_Approved.svg How to create an identity group

For SSO-enabled domains, users in the Identity Provider's (IdP) Group Email Address or Custom SSO Group Identifier will have access to this identity group.

For non-SSO domains, add users to the identity group after the group is created. For more information, see Adding and removing users from identity groups

  1. Click the Identity+ tab.
  2. Click Create a Group.
  3. In the Identity Group Name field, enter a descriptive name for the identity group.

  4. In the Identity Group Email Address field, enter the email address of the group account. The group’s users will be able to switch to the shared account that uses this email. The email address is required even if you use a group identifier.

    Note: The email address cannot be changed after the configuration has been saved. To change the email address, delete the entire group and add it again.

  5. (Optional.) If your organization uses SSO and does not support sending email or special characters in SAML assertions, in the Custom SSO Group Identifier field, enter a group identifier for the group. The group identifier can contain only alphanumeric characters, dashes (-), and underscores (_). Group identifiers cannot be used for more than one group.
  6. Click Add.

Icons_Approved.svg How to delete an identity group

  1. Click the Identity+ tab.
  2. In the row of the group you want to delete, in the Actions column, click the Delete icon.
  3. Click Delete to confirm.

Icons_Approved.svg How to add users to an identity group

You can add users to identity groups manually or you can work with your IT organization to add them automatically.

Use the following procedure to manually add users for static non-SSO and SSO.

  1. Click the Identity+ tab.
  2. In the row of the group to which you want to add users, in the Actions column, click  theadd user icon.png Add Users icon.
  3. In the Add users by Email Address field, enter or paste the email addresses of the users that you want to add to this group. Separate email addresses by a comma. You can add up to 100 email addresses.
  4. Click Add.

Icons_Approved.svg How to remove users from an identity group

  1. Click the Identity+ tab.
  2. In the row of the group from which you want to remove users, in the Actions column, click the edit icon.
  3. In the Added Users section, in the row of the user you want to remove, in the Actions column click the trashcan icon. 
  4. Click Remove.

Additional information

 

Was this article helpful?

We'd love your feedback.

Please tell us how we can improve this article.