Skip to main content

Edit IAM Shop Settings for a Client Certificate

As an application owner or delegated administrator, you can configure how a Microsoft Entra client certificate appears in the IAM Shop, EmpowerID's self-service interface. These settings control the credential's display name, visibility, category, and access governance.

Steps to Edit IAM Shop Settings for a Client Certificate

  1. Log in to the Resource Admin portal.

  2. In the Resource Type menu, select Applications and search for the Microsoft Entra application containing the client certificate.

  3. Click the Details button for the application.

    This opens the Overview page for the selected Azure application.

  4. In the left application menu, click Client Certificates.

  5. Locate the client certificate you want to configure.

  6. Click the gear icon on the certificate and select Manage Credential Wizard.
    📸 (Update screenshot here to reflect certificates context if needed)

  7. Under Select Options, choose Edit IAM Shop Settings.

  8. Click Next.
    The wizard opens the Edit IAM Shop Settings for This Credential form, where you can manage how access to this certificate is requested, who can request it, and who is pre-approved.

  9. Under Access Request Policy, click the X next to the existing policy to remove it (if present), then search for and select the appropriate policy that defines the access workflow for this certificate.

  10. Under Eligible Assignees:

    • To add: choose an assignee type from the Choose Type dropdown, search for and select the appropriate person, group, or role, click Add, and repeat as needed.
    • To remove: locate the assignee in the list and toggle the Keep switch to Remove.

    Eligible assignee types include: Person, Group, Set Group, Management Role, Management Role Definition, Business Role and Location.

  11. Under Pre-Approved Assignees:

    • To add: choose an assignee type from the Choose Type dropdown, search for and select the appropriate assignee, click Add, and repeat to add additional users or roles as needed.
    • To remove: locate the assignee in the table and toggle the Keep switch to Remove.

    Pre-approved assignee types are the same as eligible assignees.

  12. Under Suggested Assignees:

    • To add: choose an assignee type from the Choose Type dropdown, search for and select the desired user, group, or role, click Add, and repeat to add others.
    • To remove: locate the record in the assignee table and toggle Keep to Remove.

    Suggested assignee types match those used for eligible and pre-approved assignees.

  13. When all settings are configured, click Next to continue.

  14. Review the Operation Execution Summary confirming the changes.

  15. Click Submit to continue.

  16. On the Finish or Start Over Workflow screen, choose one of the following:

    • Manage the same credential(s)
    • Manage different credential(s)
    • Finish the workflow

  17. Click Submit to complete your selection.

What Happens Next

  • IAM Shop access governance settings for the client certificate are updated.
  • Eligible users can now see and request access to the certificate through the IAM Shop.
  • Pre-approved and suggested assignees are reflected immediately in the IAM Shop.
  • All updates are logged in EmpowerID's audit trail for compliance and visibility.