Managing Britive Profiles
Application administrators can configure a Britive profile to associate the permissions of an onboarded application, and set up policies so that certain members can access the profile with or without approval.
Application administrators can create and manage Britive profiles using the following steps.
Creating a Britive Profile
- Log in to Britive with administrator privileges.
- Click on Admin -> Application and Access Profile Management.
- Click on the application and select Profiles from the navigation menu.
- You have two options for profile creation:
  - Clone a profile: Clone an existing profile using the Clone profile icon in front of the profile. A cloned profile is in an active state after creation.
    - Select the profile sections you want to clone for the new profile. Notes:
      - Only the selected sections are cloned.
      - If you select Permissions, the Associations section is automatically selected.
      - Only the Associations section can be selected.
    - Edit the profile as per your requirements.
  - Create a profile: Click on CREATE PROFILE to create a new profile.
    - Enter the following on the Create Profile page:
      - Enter the following in the General section of the page:
        - Enter Name.
        - Enter Description (Optional).
        - Check Use Default App Console URL to use the default application console URL or enter the Console URL. The user is directed to a specified console URL instead of the default landing page of an onboarded application.
      - Enter the following in the Expiration section of the page:
        - Enter the Expiration Timeout in minutes.
      - Click Done.
- After the profile is created, enter the details in the following tabs to complete a profile:
Associations
The Associations tab displays the scope of the permissions applied in a particular application. An administrator can select the environment(s)/resource(s) to be associated with this profile. This tab varies as per the application.
Permissions
The Permissions tab displays the list of permissions granted for the profile. The applicable permissions are displayed for selection and are specific to each application.
To add permissions:
- Click on the ADD PERMISSIONS button.
- On the Add Permissions page, select the required permission and click the + icon to add it.
- The list of permissions depends on the onboarded application. For example, for AWS the user can add only one role per profile, and for OCI the user can add only groups.
Policies
The Policies tab displays the list of policies created for a profile. An application administrator can create a policy to select which users can use the profile and whether approval is required before the profile is checked out.
- Click on the Add Policy button to add a new policy and enter the following:
  - General:
    - Enter the Policy Name.
    - Enter the Description (Optional).
  - Members:
    - Users: Add selected users for this policy by clicking on Add Users.
    - Tags: Add selected tags for this policy by clicking on Add Tags.
    - Service identities: Add selected service identities for this policy by clicking Add Service Identities.
  - Generic Conditions:
    - Approvals: Select whether the user needs approval to access a profile. Enter the following details if you select Approval Required as Yes:
- Click Save and Enable after all the configuration is done.
Users can Edit/Clone/Enable/Disable/Delete a policy by clicking Manage for a particular policy.
Session Attributes
The Session Attributes tab displays the session attributes added to the profile.
There are two types of attributes:
- Identity: The selected value for the attribute is collected from the user's profile when they check out the AWS profile from the My Access tab.
- Static: The user has to specify, in the Attribute Value field, a value that remains the same for all users.
To add a session attribute:
- Click on the ADD SESSION ATTRIBUTE button.
- Enter the following on the Session Attribute page:
- Select the Attribute Type, either Identity or Static.
- Select the Attribute.
- Enter the name of the attribute as defined in the role configured in AWS in the Mapping Name field.
- Select Transitive to pass the session attributes when assuming other roles, provided those roles have the same attributes defined.
- Click ADD SESSION ATTRIBUTE.
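The Mapping Name has to match what the AWS role expects, so a review step can compare the two before the profile is enabled. The following is an added example, not Britive code: it assumes each Mapping Name reaches AWS as a session tag key, that the role reads it through `aws:PrincipalTag/<key>`, and that comparison is exact-string; the policies and names are constructed samples.

```python
import json
import re

# Matches aws:PrincipalTag/<key> in condition keys and ${...} policy variables.
TAG_REF = re.compile(r"aws:PrincipalTag/([\w.@+=-]+)", re.IGNORECASE)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows_tag_session(trust_policy):
    """True if an Allow statement in the role trust policy grants sts:TagSession."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") == "Allow" and actions & {"sts:tagsession", "sts:*", "*"}:
            return True
    return False

def referenced_tag_keys(policy):
    """Tag keys the role's policy reads through aws:PrincipalTag/<key>."""
    return set(TAG_REF.findall(json.dumps(policy)))

def check_mapping_names(mapping_names, trust_policy, permission_policy):
    """Compare profile Mapping Names (exact match, an assumption) with the role."""
    findings = []
    if not allows_tag_session(trust_policy):
        findings.append("trust policy does not allow sts:TagSession")
    expected, mapped = referenced_tag_keys(permission_policy), set(mapping_names)
    findings += [f"mapping name '{n}' is not referenced by the role"
                 for n in sorted(mapped - expected)]
    findings += [f"role expects tag '{k}' but no session attribute maps to it"
                 for k in sorted(expected - mapped)]
    return findings

# Constructed sample policies (placeholder account ID and bucket name).
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/${aws:PrincipalTag/team}/*",
    "Condition": {"StringEquals": {"aws:PrincipalTag/department": "eng"}}}]}

if __name__ == "__main__":
    # Mapping Names as they would be entered on the Session Attribute page.
    for finding in check_mapping_names(["department", "CostCenter"], TRUST, PERMS):
        print(finding)
```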