Table of Contents
Configuring UMRS Roles in the Auth UI
Create a User Group
On the left navigation menu, click Users and Groups, then click User Groups.
In the upper right corner of the page, click + Add Group.
In the Settings page, give the new group a Name and an optional description.
You may also add Members, App Roles, API Roles, and UMRS Grants during this step if desired. All of these can be added after the group is created.
Click Save to complete creating a group.
Add a User to a Group
On the left navigation menu, click Users and Groups, then click User Groups.
Existing groups will appear in a table on the page. Click on the Settings Icon for the group you want to add a user to.
In the search box labeled Select user to be added, begin typing the email address of the user you want to add.
Click the Add button next to the search box to complete adding the user to the group.
Create a User Role
On the left navigation menu, click Access Requests, then click User-Managed Roles.
In the upper right corner of the page, click + Add User Role.
Give the new role a Name and a Description. Choose the Resource Server that the role will be used for.
Click Save to complete creating a role.
Add a User to a User-Managed Role
On the left navigation menu, click Access Requests, then click Access Grants.
In the User Grants tab, click + Add User to Role in the upper right corner of the page.
Select the User you want to give the role to, the Role you want to give to the user, the Resource ID of the resource you want to give the user access to (if applicable), and an Expires At time to limit how long the user will have access (if applicable).
Click Save to complete giving the role to the user.
Add a Group to a User-Managed Role
On the left navigation menu, click Access Requests, then click Access Grants.
In the Group Grants tab, click + Add Group to Role in the upper right corner of the page.
Select the Group you want to give the role to, the Role you want to give to the group, the Resource ID of the resource you want to give the group access to (if applicable), and an Expires At time to limit how long the group will have access (if applicable).
Click Save to complete giving the role to the group.
Create an Approver Group
On the left navigation menu, click Access Requests, then click Approver Groups.
In the upper right corner of the page, click + Add Group.
Give the group a Name and a Description.
Use the search box labeled Select user to be added to search for a user to add to the list of approvers, then press Add to add the user to the approver group.
Click Save to complete creating the approver group.
Create an Approval Workflow
On the left navigation menu, click Access Requests, then click Approval Workflows.
In the upper right corner of the page, click + Add Approval Workflow.
Give the workflow a Name and a Description. Use Approval Within to select the number of days a request needs to be approved within before the request becomes invalid.
You may also set whether an email confirmation is required, whether emails for approval and rejection are enabled, a template for access approval emails, a template for access rejection emails, and any approver groups that can approve or reject requests. These settings can be changed later.
Click Save to complete creating the approval workflow.
Create an Access Request Template
On the left navigation menu, click Access Requests, then click Request Templates.
In the upper right corner of the page, click + Add New.
Give the template a Name and a Description.
For User-Managed Roles, select UMA as the Access Type and select the Application for which access is being requested.
Select a User Managed Role and an Approval Workflow.
You may optionally set a Client Redirect URI and an Invitation Email Template.
Click Save to complete creating the access request template.
Create a New Access Request
On the left navigation menu, click Access Requests, then click View Access Requests.
In the upper right corner of the page, click + Add New.
Use the search box labeled Select user to be added to find a user whom is requesting access to a resource, and click Add to add them to the access request. You can also add a new user by selecting an IDP and entering the user’s email address and then clicking Add New User.
Use the search box labeled search resources to locate resources to add to the access request.
You can set Requested Access Dates for the start and end of the user’s resource access (the default is for access to begin immediately and to end 1 year after the request is made). You may optionally leave a note for the manager.
Click Submit Request to complete creating the access request.
Create a Group Invitation
On the left navigation menu, click Access Requests, then click Group Invitations.
In the upper right corner of the page, click + Add Invitation.
Select the Group you want to invite the user to join, the User you want to invite to the group, the Identity Issuer of the user, the Application URL, and an Email Template.
You may optionally set an Expiration time (in minutes) for the invitation, a confirmation template, and a membership expiration date if the user’s group membership is to be temporary.
Click Save to complete creating the group invitation.
Batch Invite Users
On the left navigation menu, click Access Requests, then click Batch Invite.
In the upper right corner of the page, click Batch Invite.
Select the Group you want to invite users to. Input a list of Users to invite to the group (format example: [“joe@email.com”,”mike@test.com”] ).
Input the Redirect URL for the invitation. Select the Identity Issuer for the users. Input a Description for the batch invitation. Select an Email Template to send to invited users. Use the checkbox to determine whether or not to Require Confirmation.
Click Save to complete creating the batch invitation.
Using UMRS in the User Portal
Submit a Request to Join a Group
On the left navigation menu, click My Access Requests.
At the top of the page, click Join a Group.
Select the Group Access Request Template for the group you want to request membership to. You can also set an Access End Date and write a note to the person receiving your request.
Click Submit. If required, confirm your request via email. A group administrator will receive your request and either accept or reject it.
Submit a Request for a Resource
On the left navigation menu, click My Access Requests.
At the top of the page, click Access Resources.
Select the Resource Access Request Template for the resource you want to access. If you have it, include the Resource Identifier of the resource. You can also set an Access End Date and write a note to the person receiving your request.
Click Submit. If required, confirm your request via email. A resource manager will receive your request and either accept or reject it.
View Invitations
Group Invitations
On the left navigation menu, click Invitations Received.
In the middle of the page, click Group Invitations.
Here you will be able to view invitations sent to you to join a group, and the status of your invitations.
Resource Access Invitations
On the left navigation menu, click Invitations Received.
In the middle of the page, click Resource Access Invitations.
Here you will be able to view invitations sent to you to access a resource, and the status of your invitations.
View Requests
Group Access Requests
On the left navigation menu, click My Access Requests.
In the middle of the page, click Group Access Requests.
Here you will be able to view requests you’ve made to join a group, and the status of your requests.
Resource Access Requests
On the left navigation menu, click My Access Requests.
In the middle of the page, click Resource Access Requests.
Here you will be able to view requests you’ve made to access a resource, and the status of your requests.
View Groups
On the left navigation menu, click My Groups.
To view all groups you are a member of, select All.
To view groups that you have admin permissions for, select Groups Managed by Me.
View Resources
On the left navigation menu, click My Resources.
Here you will be able to view all resources that you have access to.
