Creating a Sales Role

Use the following procedure to create a sales role for the Digital Airlines example. (For more information about Role policies, see Section 6.2, Role Policies.)

  1. Click Devices > Identity Servers, then click Edit > Roles.

  2. In the Roles Policy List section, click Manage Policies.

  3. In the Policy List section, click New, then fill in the following fields:

    Name: Specify Sales_Role.

    Type: Select Identity Server: Roles.

  4. Click OK to open the policy editor.

  5. In Condition Group 1, click New > LDAP Attribute, and assign the following values:

    LDAP Attribute: Select description. (If description is not included in the LDAP Attribute list, you can add it from this page. For instructions, see Step 5.a through Step 5.c.)

    Comparison: Select String: Contains Substring.

    Mode: Select Case Insensitive.

    Value: Select Data Entry Field (from the drop-down box); specify Sales as the value.

    Result on Condition Error: Select False.

    If the description attribute is not listed in the LDAP Attribute drop-down menu, create it by following this procedure:

    1. In Condition Group 1, click New > LDAP Attribute, scroll to the bottom of the list, then click New LDAP Attribute.

    2. In the Name field, specify description, then click OK.

    3. In the LDAP Attribute field, select description from the drop-down menu.

  6. In the Actions section, click New > Activate Role, then specify sales_role in the Do Activate Role field. Your rule must look similar to the following:

    The value for Activate Role might be case sensitive. If you are going to inject this role into a policy for a web server, and the page on the web server is configured so that it evaluates case, make sure the value entered here matches what is expected on the web server. The Sales System field on the Digital Airlines site requires that this value be in lowercase: sales_role.

  7. Click OK to close the Rule editor, then click OK to close the Rule List.

  8. To save the Role policy, click Apply Changes, then click Close to return to the Roles Policy List.

  9. In the Roles Policy List, select Sales_Role, then click Enable.

  10. Click OK.

  11. Update Identity Server.

    Wait for the Status to return to Current.

  12. Continue with Creating a New User with a Sales Role.