External users in IAM through a third party

  • 13 July 2021
  • 1 reply

Userlevel 3
Badge +4

Hi all,

I have an IAM Db, with my app. We have created all the users and such, all ok. However, the company we deliver to, also wants to have third party users, that can login and see the status of the situation. 
So super small read only roles. 

I do not want to get a call from my client, everytime he has a new client that wants access to this view. 

Can I create an IAM-account for him, with only the option to create a new user, with specified user group etc? 

I he has access to the full iam; that's just waiting for things to go wrong...

1 reply

Userlevel 6
Badge +18


(Considering you have 2021.2)

Could creating a separate tenant for this third party be an option? That way you can separate the party from the rest of IAM and give this party's representative rights to add users in his tenant. You can also make him application owner and user group administrator to give him the rights to make user groups within his own tenant and be able to give authorization to his user groups to access a particular IAM-application.

If you are not using module authorization the application owner does have all roles to choose from to give authorization to his user groups.

Else you can only let him own user groups (as user group owner) and user admin to ensure he can create users and put them in the pre-created user group without having to call you. But that does mean you will have to do the authorization for his user group(s). This might be the better option in your situation.

Hope this helps!