Learn how to configure roles in Cloud Access Manager (CAM), a web-access management solution from One Identity that offers secure and unified access to all your internal and cloud-based web applications.
Welcome to this video on Cloud Access Manager, Roles Configuration. Cloud Access Manager uses roles to manage who has access to which applications. Roles can be local, such as an active directory group, or federated, such as an attribute from a SAML insertion. For example, I can create a role, name it sales, and add my active directory sales group to it. Or I can create a role and name it managers and add any user with SAML attribute title equals manager.
Let's see how that works. Let's see how we configure roles. So back on the Cloud Access Manager Fallback Administration logon screen, once you've installed Cloud Access Manager and you've configured the front end authentication, aspects of Cloud Access Manager, one of the outstanding tasks-- I'm going to go ahead and click on the number two outstanding tasks in here-- is to add users to the admin roles.
By default-- let's go ahead and click on this link. We have two roles that come with Cloud Access Manager-- admin role and user role. We're going to go ahead and click on admin role. And I've already done this, but I'm going to show you how this is done. Actually what I can do is go ahead and delete this real quickly. What we're going to do is add a user to the admin role.
So we're going to say user-- we're only connecting to active directory as our front end authentication method. We're going to look for administrator, have the Cloud Access Manager log in to active directory, find users, find administrator, and we'll go ahead and save. So now we've added a user to our admin role in Cloud Access Manager. Again, if we want to create a new role, what we do is we just click add a role. Give it a name, so we can say here is maybe sales. A description, so this is sales users. And then we're going to add users to this role.
What we can do again here-- again, I'm connected to active directory, so I don't have a sales active directory group. So I'll just connect this to domain users. And here's my sales or domain users, in this case, group. And go ahead and save. So now I've created another role called sales. And I've added my active directory group sales to it. Again, if we had multiple authenticators, say a SAML federated authenticator, we can switch to that and use any of the attributes that are part of the insertion from SAML to basically define who has access to the specific role.
What we're going to do now is go ahead and save this. And we'll go ahead and close. And back on the tile screen now, we see that we have three roles that we have in our system, which is the admin, the users, and we created a sales role. This completes the task of configuring-- first of all, adding a user to the admin role, and then how we go about configuring new roles so that users will start accessing the applications they need to access. This concludes this video.