What Are Account Tags
Account tags are a way of classifying users within your environment based on a set of rules. For Example, do all your admin accounts start with “Admin.” or do they all end with “_a”. Tagging lets you know how many different types of accounts are in your environment and where they are stored.
Where Do Accounts Get Tagged
To tag accounts, you need to head over the “Data Sources” in Apporetum, then under “Edit Data Source”, you will see an “Account Types” page. This is where you can start to create various rules for all your account types for that identity provider.
What Is an Identity Provider
Identity providers are companies or pieces of software that store user account information for authentication. Simply, they give you an account to log into things. Think of the “Sign-up with Apple” or “Sign-up with Google” prompts you might have seen on your phone when logging into a website or app for the first time.
What Is a Primary Account
A primary account is used to create an identity within Apporetum. When choosing a primary account, make sure that you choose the account type that will have the most information about your users. The more information available on the account, the more likely it will be able to match to other accounts.
What if the Account Isn’t a Person
Accounts can be in many different formats, such as Calendars, meeting rooms and service accounts. These can all still be tagged if they are available in your Data Source.
Can an Account Be Tagged More Than Once
No, accounts can only be tagged once. If an account is not being tagged correctly, then you might need to tweak some rules or change the priority. The priority is the order in which accounts will be tagged. Accounts get tagged in descending order, this means if you have an account type with a priority of 100, it will process before a type that has a priority of 50. Once an account has been tagged, it will not be processed by a later rule.
How Do You Decide on Account Types to Tag
Deciding which accounts to tag can be a bit tricky, it will depend on how your company manages accounts. Do you put all you admin accounts in the same organisational unit? Do you identify 3rd party/vendor accounts by giving them a certain description? Do all your service accounts start with ‘Service_’? Do all your standard employees have an employee ID?
Once you understand your how your company stores and identifies different accounts, we recommend using the “priority” number to tag anyone that isn’t a standard employee first, then tag the standard employees at the end.
How Do I Create Rules to Tag Accounts
Apporetum uses “Membership Filters” to tag accounts. A membership filter is a collection of rules such as if their email contains a certain word or if a username has a particular prefix. Have a look through the complete list to further understand all the available fields that you can create filters on. You can add more than one rule and you can create groups of rules if the account type is a bit more complex.
Below are some examples of membership filters.
- Example1 – Filtering a single account type
- Example 2 - Grouping Rules
- Example 3 - Azure Guest accounts
How Do You Tag an Account
Head over to one of your Data Sources, click on “Edit”, then “Account Types”. Click on “Create Account Type” and you’ll be presented with a form to fill in.
Filling out this form will create an account type on the Data Source you selected. When you have finished filling out the form, click on “Create account type” at the bottom of the page.
The “Friendly Name” is how this account type will be named on the Data Source. The “Description” is notes for you or other administrators to know what this account type is categorising. The “Account Type” is the tag that will appear throughout Apporetum.
