On the Requestor information tab, you can ask questions to collect more information from the requestor. Select Next to open the Requestor information tab. Scroll down to the Approval and Enable requests sections.įor Enable requests, select Yes to enable this access package to be requested as soon as it's created. In the Select users and groups pane, select the Requestor1 user you created earlier.Ĭhoose Select to add the user to the list. In the Users who can request access section, select For users in your directory and then select Specific users and groups. You create a policy that allows a specific user in the resource directory to request this access package. A policy defines the rules or guardrails to access an access package. On the Requests tab, you create a request policy. When using dynamic groups you will not see any other roles available besides owner. For more information on selecting the appropriate roles for a resource, read add resource roles. If you select the Owner role, it allows users to add or remove other members or owners. In the Role drop-down list, select Member. When you select a group outside of the General catalog, which you can see if you check the See all check box, it will be added to the General catalog.Ĭhoose Select to add the group to the list. In the Select groups pane, find and select the Marketing resources group you created earlier.īy default, you see groups inside the General catalog. In this scenario, select Groups and Teams.
You can choose to manage access to groups and teams, applications, and SharePoint Online sites. On this tab, select the resources and the resource role to include in the access package. Select Next to open the Resource roles tab. Leave the Catalog drop-down list set to General. On the Basics tab, type the name Marketing Campaign access package and description Access to resources for the campaign.
If you see Access denied, ensure that an Azure AD Premium P2 license is present in your directory. In the left menu, select Access packages.
In the left menu, select Identity Governance In the Azure portal, in the left navigation, select Azure Active Directory. Prerequisite role: Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager In this step, you create a Marketing Campaign access package in the General catalog. Access packages are defined in containers called catalogs. The group should be empty of members to start.Īn access package is a bundle of resources that a team or project needs and is governed with policies.
This group will be the target resource for entitlement management. This user can be the user you're currently signed in.Ĭreate an Azure AD security group named Marketing resources with a membership type of Assigned. Global administrator, or User administrator. Use the following names or different names. In the left navigation, select Azure Active Directory.Ĭreate two users. Sign in to the Azure portal as a Global administrator or User administrator. Prerequisite role: Global administrator or User administrator In this step, you create a group named Marketing resources in the Woodgrove Bank directory that is the target resource for entitlement management. Step 1: Set up users and groupĪ resource directory has one or more resources to share.