ServiceChanger
  • SERVICECHANGER V3
    • Introduction
  • GETTING STARTED
    • How to get started?
    • Learn the basics
    • Attribute Hierarchy: A Simple Guide
  • FEATURES
    • Automated Group Assignment
    • Attribute-Based Access Control
    • Intelligent Group Recommendations
    • Primary Collaboration Groups
    • Data Cleaner
    • Self-Service Portal
  • GENERAL
    • Microsoft Entra ID
    • Roles and App Settings
    • API Documentation
      • Example: Membership Runbook
    • Frequently Asked Questions (FAQ)
    • Roadmap
  • Support & Need Help?
  • Changelog - What's New?
Powered by GitBook
On this page
  • How Does Automated Group Assignment Work?
  • 1. Revokes old access
  • 2. Grants new access
  • How Is the Job Title Change Detected?
  • 1. Via ServiceChanger
  • 2. Directly in Entra ID (or Active Directory)
  • Benefits of Automated Group Assignment
  1. FEATURES

Automated Group Assignment

IDENTITY & ACCESS AUTOMATION

PreviousAttribute Hierarchy: A Simple GuideNextAttribute-Based Access Control

Last updated 2 months ago

Automated Group Assignment simplifies user access management by dynamically assigning groups and permissions based on attributes like job title, location, or department.

It ensures that access remains up to date as employees join, change roles, or leave (JML) the company. This automation saves time, enhances security, and prevents outdated permissions from lingering.

How Does Automated Group Assignment Work?

When a user’s job title, department, or location changes, the system automatically adjusts their permissions in real time.

Let’s break it down with an example:

Example: From Sales Director to Finance Director

Meet George.

  • He starts as a Sales Director, which grants him access to:

    • Sales reports

    • Customer databases

    • Sales forecasting tools

  • George is promoted to Finance Director, requiring a different access set:

    • Financial reporting tools

    • Budget management systems

    • Sensitive financial data

When George's job title changes, Automated Group Assignment takes action:

1. Revokes old access

  • Sales-related permissions are removed to prevent unauthorized access.

2. Grants new access

  • Finance-related permissions are assigned automatically, ensuring a seamless transition.

How Is the Job Title Change Detected?

There are two ways the system recognizes a job title change:

1. Via ServiceChanger

  • An administrator updates George’s job title in ServiceChanger.

  • The change syncs automatically with Azure Entra ID.

  • Azure Entra ID dynamically updates permissions accordingly.

2. Directly in Entra ID (or Active Directory)

  • An administrator updates George’s job title in Azure Entra ID.

  • ServiceChanger detects the update, triggering an automatic access adjustment.

Benefits of Automated Group Assignment

✅ Ensures users only have access to what they need, reducing security risks. ✅ Employees immediately receive the right access for their job. ✅ Works whether changes happen in ServiceChanger or Azure Entra ID. ✅ Ensures security by automatically removing permissions no longer needed.

With Automated Group Assignment, your organization can maintain strict access control, enhance operational efficiency, and adapt to attribute changes.