The following role policy creates an Employee role. Because the role does not include conditions, all authenticated users are assigned to this role when they log in. This role can then be used to grant access to resources to all users in your user stores.
Click Devices > Identity Servers > Edit > Roles > Manage Policies > New.
Select a policy type of Identity Server: Roles and specify a display name, such as Employee.
Click OK.
On the Edit Policy page, specify a description in Description.
It is important to use this field to keep track of your roles and policies. The policy feature is powerful, and your setup can be as large and complex as you want it to be, with a potentially unlimited number of conditions and choices. This description is useful to help keep track of various role and policy configurations.
Ensure that the Condition Group 1 section has no conditions, so that all users who authenticate match the condition.
In the Actions section, click New > Activate Role.
In the Activate Role box, type Employee, then click OK.
If this role needs to match the name of a role required by a Java or web application, ensure that the case of the name matches the application’s name.
Click OK > Apply Changes > Close.
On the Role Policy page, select the Employee role, then click Enable.
Click OK, then update Identity Server.
To create a Manager role, continue with Creating a Manager Role.