
Applications, permissions, roles, and users

Identity Cloud provides options for managing permissions and roles between applications and users.

Keep in mind the following structure of applications, permissions, roles, and users:

  • You can create permissions that are specific to an application.
  • Permissions cannot be directly assigned to users. First, the permissions need to be logically collected in a role. You can then assign the role to a user.
  • A user with one role can have multiple permissions to multiple applications.
  • Permissions are tied to applications. Permissions determine the granular functionality of an application.
  • Users can have multiple roles, which themselves can have multiple permissions to multiple applications.
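The structure above can be modelled as a small access-review script. This is an added example, not Identity Cloud code or an export format of the product: all application, permission, role and user names are constructed, and the function names are hypothetical. It resolves a user's effective permissions through their roles and flags gaps such as permissions that no role grants.

```python
from collections import defaultdict

# Constructed sample data; every name here is hypothetical.
# A permission is an (application, permission) pair, because permissions are tied to applications.
APP_PERMISSIONS = {
    "ticketing": {"ticket.read", "ticket.update", "ticket.delete"},
    "leads": {"lead.read"},
    "directory": {"entry.read"},
}
ROLE_PERMISSIONS = {
    "support-agent": {("ticketing", "ticket.read"), ("ticketing", "ticket.update")},
    "sales-rep": {("leads", "lead.read"), ("directory", "entry.read")},
    "auditor": set(),  # role exists, but no permission has been assigned to it yet
}
USER_ROLES = {
    "alice": {"support-agent", "sales-rep"},
    "bob": {"sales-rep"},
    "carol": {"auditor"},
}


def effective_permissions(user):
    """Resolve user -> roles -> permissions, grouped by application."""
    by_app = defaultdict(set)
    for role in USER_ROLES.get(user, ()):
        for app, perm in ROLE_PERMISSIONS.get(role, ()):
            by_app[app].add(perm)
    return dict(by_app)


def is_allowed(user, app, perm):
    """A user holds a permission only through one of their roles, never directly."""
    return perm in effective_permissions(user).get(app, set())


def review_findings():
    """Flag configuration gaps that an access review would want to see."""
    granted = set().union(*ROLE_PERMISSIONS.values())
    defined = {(app, p) for app, perms in APP_PERMISSIONS.items() for p in perms}
    known_roles = set(ROLE_PERMISSIONS)
    return {
        "permissions_in_no_role": sorted(defined - granted),
        "undefined_permissions_in_roles": sorted(granted - defined),
        "roles_without_permissions": sorted(r for r, p in ROLE_PERMISSIONS.items() if not p),
        "users_with_unknown_roles": sorted(u for u, r in USER_ROLES.items() if r - known_roles),
    }
```

With this sample data, `ticket.delete` is reported as granted by no role, and `carol` has no effective permissions because her only role is empty.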

To connect application permissions to a role and then the role to a user, you have to configure:

  • Applications and their Permissions
  • Roles and their Assigned permissions
  • Users and their assigned roles

This section gives you a high-level overview of the process. You can find detailed descriptions for each substep by following the links below.

  1. In Application management > Applications, add an application that you want some of your users to be able to access, such as an end-user portal, a customer ticketing tool, or possibly your phone directory or sales lead management tool.
  2. In the Permissions tab of the application, create a permission or a set of permissions for the application.
  3. In User management > Roles, create a role that defines the functional tasks each group of your users needs to perform.
  4. Assign a permission to the role that clearly identifies which application the users with this role will be able to access.
  5. In User management > Users, create a user or select an existing user whose access rights you want to define.
  6. In the Roles tab of the user, assign the roles to the user.