Skip to main content

Assigning Custom Security Attributes

This guide explains how to assign Custom Security Attributes to users and service principals in EmpowerID. Assignments associate custom metadata with directory objects according to organizational policies and approval workflows.

Assignment Limitations

Custom Security Attributes can only be assigned to Microsoft Entra users and service principals. Group assignments are not supported.

Prerequisites

Before assigning attributes, ensure:

  • Eligibility has been configured for the attributes
  • Attributes are active and available for assignment
  • The Microsoft Entra account store connection is active

Assign Attributes to an Account

  1. Navigate to Resource AdminApplicationsCustom Security Attributes.

  2. Search for and click the Details button for the desired attribute set. Attribute Set Details Button

  3. Click Assignments on the Attribute menu.

  4. Click Users or Service Principals, depending on the type of account you are assigning to the attribute.

  5. Click the Add Assignment button. Add Assignment Button This opens the Add Assignment search.

  6. In the Add Assignment search, click the Select a Account field. Simple Account Search This displays eligible accounts. To search by specific fields (Last Name, Logon, etc.), click Advanced Search and enter the search criteria. Advanced Account Search

  7. Click the account record to select it. This opens the Add Assignment modal for the selected account. Add Attribute Assignment Modal

  8. In the left pane of the modal, search for and select one or more attributes to be assigned. The pane only shows attributes the user is eligible to receive. Attribute Assignment Selection

  9. (Optional) If setting a duration for the assignment, toggle the Set Duration switch and configure the expiration date.

  10. Click the Add button to move selected attributes to the assignment queue. Attribute Assignment Add to Queue

  11. (Optional) To set specific attribute values before adding the assignment to the cart, click Edit value(s) next to an attribute and configure based on attribute type:

    For Multi-Predefined attributes:

    • Click the checkbox next to each value you want to assign Multi-Predefined Configuration
    • Click Select all values on page to select all available values
    • Click Save

    For Single-Predefined attributes:

    • Click the dropdown field and select one value Single-Predefined Configuration
    • Click Save

    For Boolean attributes:

    • Click the dropdown field and select True or False Boolean Configuration
    • Click Save

    For Multi-Free Text attributes:

    • Enter a value in the text field Multi-Free Text Configuration
    • Click + Add Free Text Label Value to add additional values
    • Click the Delete button next to any value to remove it
    • Click Save

    For Single-Free Text attributes:

    • Enter the desired value in the text field Single-Free Text Configuration
    • Click Save

  12. Click Add To Cart.

  13. After configuring all attribute eligibility assignments, click the cart to open it. View Cart

  14. Select a justification for the request. If you select Other Justification, you must enter a comment. Cart Select Justification

  15. Verify all details of the request and click Evaluate Request to initiate risk analysis. Cart Evaluate Request Button

  16. After evaluation completes, enter:

    • Business Request Name - Descriptive name for the request (maximum 500 characters)
    • Comment - Additional notes or justification as needed (maximum 500 characters)

  17. Click Submit. Cart Submit Button

    A Business Request is created and routed to the appropriate approvers based on the configured Access Request Policy.

    You should see the request in My Tasks.

Empty Cart

The Empty Cart option is available throughout the process if you need to start over.

Track Assignment Status

After submitting an assignment, track its progress through the approval and fulfillment process.

  1. Navigate to My Tasks to view your pending requests.

  2. Locate the assignment request in the list. For single attribute assignments: Single Attribute Business Request For multiple attribute assignments: Multi-Attribute Business Request

  3. To view approvers and approval flow, select the Process Steps tab. Process Steps Approvers

  4. Once approved, navigate to the Item View to check fulfillment status. Item View Fulfillment

    Status options:

    • Open - Pending approval or action
    • Approved - Fulfillment Not Started - Approved but fulfillment has not begun
    • Approved - Fulfillment Succeeded - Approved and fulfillment completed successfully

Verify Assignment Completion

After fulfillment succeeds, verify the assignment:

  1. Navigate to Resource AdminApplicationsCustom Security Attributes.

  2. Search for and click the Details button for the attribute set.

  3. Select the Assignments tab.

  4. Verify the assignment appears in the appropriate view (Users or Service Principals). Resource Admin Assignments

  5. Confirm:

    • Assignee name and email address
    • Attribute name and multi-valued status
    • Data type
    • Assigned values

The assignment can now be edited or deleted as needed from the Actions column.

Next Steps

After assigning attributes: