www.gsx.com | log in | register

Last update: . Author: Olivier RAYNAUT .

Working with Authorization Policies

GSX 365 Administration facilitates role-based access control. That means you use it to grant permission for someone to do something, against something. For example, an administrator might grant permission for people to access a certain application. Or, an office manager might grant access for others in the office to use certain resources.

A GSX 365 Administration admin configures authorization policies to specify who can perform certain actions within an organizational unit, and the conditions associated with those actions.

There are 4 pieces to an authorization policy:

  • Tenant: Authorization policy is applied to a certain tenant. For example, North America.
  • Delegate: The person to which rights are granted. They can do something with the tenant. For example, VP of Operations.
  • Action: The activity the person can perform. For example, update user.
  • Conditions of the action: Any conditions related to the delegate performing the action. For example, when the VP of Operations updates a user’s information, you can specify whether they can see/update all of the user’s attributes or only some of them.

When an authorization policy grants someone rights to perform a certain action, that person logs in to GSX 365 Administration to perform the action.

For example, let’s say a manager can perform certain actions (like setting out of office messages and granting access to SharePoint resources) to the users on their team. The manager uses single sign-on (via their Office 365 credentials) to log in to GSX 365 Administration and perform the actions. Actions performed by the manager are pushed to other applications (for example, Exchange Online). It’s important to note the manager’s GSX 365 Administration instance only shows options that are relevant to the activities they can perform in the application.

Setting up a new authorization policy

Follow the steps below to create an authorization policy.

  1. In the left menu, expand Policies and select Authorization.
  2. Click Add.
  3. Enter a name for the policy.
  4. Specify settings, if desired:
  • Default user policy: Select this option if the policy applies to all organizational units in a tenant. For example, select this option if you want the helpdesk to be able to update all users in the organization.
  • Self service: Select this option if you want a user to be able to perform a certain specific action on their own user object when they log in. For example, select this option if you want a user to be able to update their own phone number and address.
  1. Assign the policy to virtual organizational units and/or individual users:
  • Virtual organizational unit(s): Under Assignment > Organizational units, click Add. Select the organizational unit(s) where the policy will apply, and click Add.
  • Individual user(s): Select the Assign to tab and click Add. Select the user(s) who will have the right and click Add.
  1. Apply to tab and select users to which the policy will apply. For example, if a manager makes updates only to their direct reports, this tab filters the users in the organizational unit to show only those who the manager can change.
  2. Select the Actions tab and click Add.
  3. Locate the action(s) you want to assign and click Add.
  4. Select the Properties tab and select any conditions. For more information, click here.
  5. Click Save to create the authorization policy.

Viewing an authorization policy

There are a few ways you can locate and view an authorization policy. Either:

  • From the list of authorization policies (open by selecting Policies > Authorization in the left menu), search or locate the policy and click on its name to open it.
  • From the organizational units list, click the ellipses (…) button next to the organizational unit to which the policy applies and then select Authorization policies.

Editing or deleting an authorization policy

To edit or delete an existing authorization policy, complete the steps below.

  1. In the left menu, select Policies > Authorization.
  2. Locate the policy you want to edit or delete and select it.
  3. Either:
  • Click Edit, make desired changes, and click Save to apply the edits.
  • Click Delete and confirm the delete action.

Delegating action(s) to an authorization policy

Follow these steps to delegate an action to an authorization policy:

  1. In the left menu, go to Policies > Authorization.
  2. Select an existing policy, and then click Edit.
  3. In the Assignment frame, select Actions, and then click Add.
  4. Locate the action(s) you want to add, select it/them, and then click the blue Add button located in the top right corner of the window.
  5. Select the Properties tab and select any conditions. For more information, click here.
  6. Click the blue Save button.

Was this article helpful?

0 out of 0 found this helpful

Not finding what you are looking for?

Have more questions? Submit a request