Automated Group Assignment

SERVICE AUTOMATION

This feature simplifies user access management by automatically assigning groups (permissions) based on attributes like job title, location, or department. It keeps everything up to date as employees join, move within, or leave the company, making access control seamless and efficient, saving time for everyone involved.

How does Automated Group Assignment?

This feature automatically adjusts permissions when users are newly hired or change roles within the company.

Let's break it down an example:

Example: From Sales Director to Finance Director

Imagine we have a user named George, who initially works as a Sales Director within our company. As the Sales Director, George has a specific set of access permissions that allow him to view and manage sales reports, access customer databases, and use sales forecasting tools.

Now, let's say George transitions to a new role within the company, becoming the Finance Director. With this change in his job title, our system's Automated Group Assignment feature kicks into action. It automatically revokes George's access permissions related to his previous role as Sales Director. This means he will no longer be able to access the sales reports, customer databases, or sales forecasting tools that were part of his old job.

Simultaneously, the system grants George a new set of permissions appropriate for his role as Finance Director. These permissions might include access to financial reporting tools, budget management systems, and sensitive financial data critical to his duties in the finance department.

When George is promoted to Finance Director, his job title change can be initiated in two ways:

1. Via ServiceChanger: An administrator updates George's job title to "Finance Director" within ServiceChanger. This update is automatically synchronized with Azure Entra ID, thanks to the system's integration. Azure Entra ID's dynamic role assignment feature then automatically revokes George's sales-related permissions and grants him the access rights needed for his new role, including financial reporting tools and budget management systems.

2. Directly in Azure Entra ID: Alternatively, the job title change can also be made directly in Azure Entra ID by an administrator. ServiceChanger immediately recognizes the update and adjusts George's permissions accordingly, ensuring he loses access to sales-specific resources and gains access to finance-specific ones.

This dual-pathway approach ensures that regardless of where George's job title is updated—ServiceChanger or Azure Entra ID—the transition is smooth. He instantly gets the tools and information required for his new role, while the organization maintains strict access control, seamlessly adapting to changes in employee roles. This flexibility enhances operational efficiency and security, ensuring role transitions are managed effectively.