Creating asset groups
You can use groups to organize and manage assets and users in EPM. For example, a group can be associated with a particular job function like windows system administrator and configured so that only users who are members of that group can authenticate to Windows servers. You can change the status of a group to quickly enable or disable multiple group based entitlements at once.
The system provides flexibility for provisioning groups based on static grouping techniques, attributes of the user or active directory groupings. The EPM Administrator is responsible for setting up details of all user groups in the EPM system. This section covers details about various grouping techniques and working methods.
EPM offers various types of groups to manage asset entitlement. Choosing the type of group is an important step in planning for using asset groups with EPM.
Group Type | Purpose |
---|---|
Static Group | Select this option when you want to add an account with one-one to a specific group. For example: Mapping all Database administrators to one group who are part of multiple account options. |
Attribute-based group | Such groups are recommended to manage fluidic account environments. A group could be designed for all operations teams which are frequently changing the account base. Attributes can be based on Hostname, Company Information, Department, Email, Account name, Manager or based on a system-defined tag. |
Active directory group | Active Directory based groups allow you to define and assemble dynamic Windows Active Directory user groups. They are based on LDAP search filter expressions applied to user attributes. Such groups can dynamically sync asset information with Active Directory Groups. |
Creating a Static Asset Group
Login to the system and select EPM from the product navigator.
Click on Manage → Asset Groups → +Add Asset Group.
Provide a unique Asset Group Name.
Optional: Provide Group Description.
Select the method as a Static Group.
By default, all groups are enabled when provisioned, disable the option if you would like to activate this group later.
Click on Save.
Creating an Attribute Based Asset Group
Login to the system and select EPM from the product navigator.
Click on Manage → Asset Groups → +Add Asset Group.
Provide a unique Asset Group name.
Optional: Provide Group Description.
Select method as Attribute Based Group.
Select attribute type from the drop-down list and select operator like =, !=, and LIKE and provide input criteria.
You can also add multiple attributes by clicking + symbol. Repeat step 6 if you need to add more criteria for defining this group type.
By default all groups are enabled when provisioned, disable the option if you would like to activate this group later.
Click Save.
Creating an Active Directory group
Login to the system and select EPM from the product navigator.
Click on Manage → Asset Groups → +Add Asset Group.
Group Name: Provide a User Group name. Make sure the group name has to be unique in case you have multiple instances configured.
Group Description: Provide a group description (optional).
Method: Active Directory Group.
Directory Store: Select the directory store configured in the system.
Server Groups: click on the Browse button to select the desired group to Sync with the system.
Exclude Host Name(s): There may be a scenario in which you want some users not to be a part of this group in the system. You can specify multiple user names in this field by a comma separated format like ‘john.doe, noah', etc to exclude.
By default, all groups are active when created, if you would like to activate this group later simply uncheck the Active checkbox.
Click Save.
For configuring an Active Directory based group, first a Directory Store must be configured in the system. Refer to the Directory store section.
To enable this function, ‘UserManagementService’ is required be be started, refer to Manage App Services to navigate and start the service.