Learn the basics

Practical guide to unlock the full potential of the tool

Once you complete the integration process, linking your company's Entra ID with the ServiceChanger app, your starting point will encompass the existing Entra ID user database, group configurations, and user-group relationships.

The advantage is that it doesn't directly affect users and their permissions. However, the downside is that there is often a significant issue with data quality. This means it's time to clean up!

Step 1: Data Cleaner

Before utilizing the data cleaner feature, it is crucial to carefully review the manual and understand its effects. Please take the time to familiarize yourself with the functionality and potential consequences outlined here.

First, open the "Data Cleaner" tool and start cleaning up all the departments, locations, and job titles. This step is super important before you dive into creating the ABAC model. If you skip this, you might end up building your ABAC model on messy data, which could cause problems later on.

Step 2: Build your ABAC model using the Group Mining feature.

2.1 Generating All Attributes

Once setup is complete, it's time to start building. Navigate to the "Attributes" page and click the "Actions" button.

With a single click, you can generate all attributes, and users will be automatically assigned to their respective attributes, no manual work required!

2.2 Add Groups to Attributes

We highly recommend reading the 'Attribute Hierarchy: A Simple Guide' before you start.

Bottom-Up Approach: ServiceChanger recommends leveraging existing data rather than enforcing rigid top-down models. This ensures a faster and smoother implementation.

Now, it's time to use the 'Suggestions' button for each attribute. This feature provides intelligent recommendations based on your current membership data, helping you build your model efficiently.

For an even faster setup, take advantage of the Bulk Feature. You can find it under Attributes > Actions > Bulk Group Assigner, allowing you to assign groups efficiently in just a few clicks. 🚀

Warning: This feature performs the 'Group Mining (Suggestions)' process in bulk. It will create attribute-to-group mappings (and, in turn, user-to-group relationships) all at once.

Because it can affect many groups and users, please proceed carefully and be aware of its impact.

By following this sequence, it ensures the establishment of a highly effective, maintainable, and clean Attribute-Based Access Control model:

1. Departments

2. Locations

3. Job Titles (on this attribute you can also remove groups from users)

This approach keeps your model structured, scalable, and easy to manage.