Overview

The Banyan Command Center allows you to use templates to define User Roles. These roles combine user attributes and device attributes into a single construct and then enforce security based on those combined attributes.

Please refer to Zero Trust Policies for more information on Banyan Roles and Policies.

This article outlines how to configure common roles.

Create a User Role

To create a User Role, complete the following steps:

1. In your organization’s Banyan Command Center, navigate from Secure Access > Roles, and then select + Add Role.

2. Select the User Role template.

3. Under Role Details, configure the Role Name and Description.

4. Select + Add Role Attribute to get a list of Attributes that can be used to create the Role. The attributes are as follows:

  • By Group -> Enter the name(s) of the Group(s) that match the ones on your IDP

  • By Email -> Enter the relevant email address(es)

  • By Device Ownership -> Select an option or multiple options from the dropdown to ‘Only include devices with the following properties’:

    Corporate Dedicated Corporate Shared Employee Owned Other

  • By Device Registration -> Select an option from the dropdown to ‘Only include known devices (devices that have been registered with Banyan)’:

    True False

  • By Device Management -> Select this option if you want to ‘Only include devices that have the Banyan App deployed by MDM’

  • By Platform -> Select an option or multiple options from the dropdown to ‘Only include devices with the following Operating Systems’:

    Windows MacOS Linux iOS Android Other

Note: Role attributes can be classified as either User based or Device based. Group and Email are User based attributes. You can create a Role based on either Email or Group, but not based on both together.

The remaining four attributes are Device based. You can create a Role based on either or all of these attributes together.

Lastly, you can create a Role based on both User based and Device based attributes.

5. Select Add Role to complete the process.