Skip to main content

Configuring Attribute Eligibility

Custom Security Attributes use EmpowerID's standard eligibility framework to control who can view and request attributes in the IAM Shop. Eligibility configuration determines which users can see specific attributes, how they can request them, and whether approval workflows are required.

Eligibility Framework

For a conceptual overview of how eligibility works across all resources in EmpowerID, see Eligibility and the IAM Shop.

Prerequisites

Before configuring eligibility, ensure:

  • Attributes have been created within an attribute set
  • You have access to edit the attribute
  • The Microsoft Entra account store connection is active

Configure Eligibility

  1. Navigate to Resource AdminApplicationsCustom Security Attributes.

  2. Search for the attribute set containing the attribute you want to configure.

  3. Click the Details button on the record for the attribute set. Attribute Set Details Button

  4. In the Active Attributes list, search for the target attribute and click the Edit button on the attribute record. Attribute Edit Button
    This opens the Details pane for the attribute. Attribute Details Pane

  5. Verify Publish in IAM Shop is toggled to Yes.

  6. Click the Configure Eligibility button in the Eligibility section. Attribute Eligibility Configuration
    This opens the Configure Eligibility modal. Eligibility Modal

  7. Under Eligibility Type, select the desired eligibility. Types include:

    • Eligible - Users can request access to the attribute in the IAM Shop
    • Suggested - Users will see the attribute as a suggested resource that they can request access to
    • Pre Approved - Users are approved for the attribute and can activate their access to it without needing to go through an approval process

  8. Under Which Type of Assignee for This Policy, select Accounts.

  9. Under Select an Account, search for and select the desired account.

  10. Click Save. Eligibility Modal Save Selection
    The account is added to the eligibility configuration. The Added count increments.

  11. To add additional accounts, repeat steps 9-10.
    To clear the search field, click the X next to the account name in the Select an Account field. Clear Selected Account
    To remove an account from the eligibility configuration before submitting, click the Added count to open the list, then click the Remove icon next to the account. Remove Selected Account

  12. When finished adding accounts, click Submit.

    The eligibility assignments appear in the Eligibility grid. Eligibility Assignment

Next Steps

After configuring eligibility: