IDHub connectors can integrate with thousands of applications present. The list of apps that can be integrated with appears in the web-page of IDHub. As an administrator, you can add and provide accounts for end-users of your organisation.

Use the 'Add application' dropdown from the manage catalog to add an application to your system, add users to those applications and configure the provisioning related information using flows.

The connection status is displayed for each app as detailed below:

  • Green dot - Connection is successful OR you have chosen a disconnected application
  • Yellow dot - There is a form or a workflow mismatch
  • Red dot - Connection broken

To add an application:

  1. From the Admin Dashboard, click to the Manage Catalog button to navigate to the catalog management page
  2. Click Add Application dropdown
  3. Click Add Application from the dropdown menu to launch Application Onboarding Wizard (AOW). This AOW allows system administrators to create an application custom made which is deployed for the organisation
  4. Enter the needed information under Basic details, Application Owner, Integration Details, Approval Workflow and Form section, and then click Next
    1. For Basic Details, upload the application logo and name and description along with tags. You can also add the application to a pre-existing role and a collection so that anyone who has/ will request for the role or collection will get this application too
    2. For Application Owner, add the owners of the application as well as the IDM system to which the application is tied-to (This is a unique feature of IDHub as IDHub can connect with multiple IDMs at a single point of time)
    3. For Integration details:
      1. You can chose to make the application a 'Trusted application' or a 'Non Trusted application'.  If you to make the application a 'Trusted application', then you will have to tick the check box "Create Users on Reconciliation", otherwise if you want to the application a 'Non Trusted application', then leave it unchecked. By default it is unchecked.
        Trusted application are those from which the user information is fetched by IDHub and updated in IDHub user profiles as well as the account within the application
        Non-trusted application are those which do not provide user profile information and only account related information are updated while synchronisations
      2. You can chose to make the application a 'Connected application' or a 'Disconnected application'
        If Integration level chosen is Connected then you would need to provide connection url as well as authentication username and password for validation. Reconciliation schedule can also be setup for a Connected system that will synchronise information from the application to IDHub is a timely manner to make sure data is correct at both places
        If Integration level chosen is Disconnected then you would need to provide additional information related to Fulfiller in the Approval Workflow section. This is a group that will be assigned the access request tasks in absence of a connected application
    4. For Approval Workflow, Select one of the workflows from the dropdown list. To add a custom workflow option within this list, see Workflow creation document.
      The IDHub Out of the Box workflows are:
      1. Auto-Approval
      2. Manager-Approval
      3. Group-Approval (Upto 3 level of approvals)
    5. For Attaching a Request Form, Select one of the custom forms created for access-request submission by end-users. If you do not have one, go to Form creation document for more details
    6. Request-able option is provided to restrict showing of sensitive applications to end users. If not selected, the application will not be visible to end-users for requesting
  5. Enter the list of Attribute needed for creating an account in the application.
    If Connected system was selected with valid information, 
    • There is link ‘Fetch Attributes’. You can click on that link and then IDhub would fetch all the account attributes from the target application to IDhub.

    • In case a value is already entered manually in the page, Fetch Attributes would fetch the values from the application and adds below the list of already added attributes. 

      If fetch has been used earlier for the application and/or any one of the current list of attribute contains same value as while fetching attributes, then system opens a popup and will show the following options:

      • Do not sync: This will close the popup and no information will be updated

      • Override data: This will replace the current attribute with the connected application one and user will need to re-enter all other information

      • Add to the List: This will add the attributes to the existing set of attributes and a warning icon (with helptext: Duplicate value) is shown for every attribute that is found with a duplicate attribute name which when edited and saved in "Add attribute" section will disappear. It is to be noted that, when duplicate attribute names are found, next button in the Attribute page will be disabled

    If Disconnected system, the attributes will need to be added manually.

  6. Below are the details to be filled for each attribute.
    1. Application Field Name : This is the Field name that is present in the application
    2. IDE Field Name : This is the IDHub related attribute name.
    3. Data Type : String, boolean, number, date, user
    4. Select Sync direction:

      You have to select the Sync direction. There are 4 types of Sync direction which is provided for each attribute and they are as follows:

      • Bi-directional - This is the default option and it means that for any changes in either of the system (IDHub or the application), data will get updated and it is based on which direction the synchronisation is taking place.

      • App to IDHub Only - It means whenever an account is created or any synchronisation happens, the data will flow from App to IDHub only and not vice versa.

      • IDHub to App Only - Here data will flow from IDHub to app only during synchronisations.

      • No synchronisation - In case you do not wish to perform synchronisation for a specific attribute, you can choose this option.

    5. Required or not : To create account in the application, the specific attribute is required or not
    6. Reconciliation key or not : To perform synchronisation between the account in the application and the IDHub user profile, this attribute is the key or not (Only one key is needed per application)
    7. Multi value or not: If selected this would mean that user can enter more than 1 value in the field by using comma separator. Therefore, for this field user can enter multiple options, while doing reconciliation. Also, while requesting access to the application, user can enter multiple values in this field in the cart request details page.
    8. Unique name or not : To perform synchronisation between the account in the application and the account information in IDHub, this attribute is the key or not (Only one key is needed per application)

      If a custom form is selected, then the attributes which are stated as Required in the Attribute page will need to match with the Required fields in the Custom Form

  7. Enter the list of Entitlements required to be attaching along with the application. If Connected system was selected with valid information,
    • There is link ‘Fetch Entitlements’. You can click on that link and then IDhub would fetch all the entitlements from the target application to IDhub.

    • If fetch has been used earlier for the application and/or any one of the current list of entitlements contains same value as while fetching entitlements, then system opens a popup and will show the following options:

      • Do not sync: This will close the popup and no information will be updated

      • Override data: This will replace the current entitlements with the connected application one and user will need to re-enter all other information.

    If disconnected system, the entitlements will need to be added manually. The different details to be entered are: Entitlement display name, Entitlement name, Search keywords, Description of the entitlement, Approval workflow, Fulfillment info, Certifiable, Risk level and Requestable toggle. and then click Submit
  8. Enter a justification and click Submit again to complete the Onboarding process

Next Step: Approving the application

To approve the application, go to an user which has the Access Manager role.

  1. From the Admin Dashboard, click to the Tasks button to navigate to the tasks management page
  2. Search for the onboarded application using Application Name entered which using the AOW wizard (Logo will be indicated in yellow color as indicated in legends in the page)
  3. Click on the application name card to enter Task Details page
  4. Click on Claim button in the footer and enter justification. Click on Claim button again to submit the action
  5. Click on Approve button in the footer and enter justification. Click on Approve button again to submit the action

This action spins up the process to complete Onboarding of the application into IDHub will all the relevant configurations

Provisioning

As the application is Onboarded, it moves to Enabled state for which allows to automate user creation, revocations and updates to the application

Reconciliation

Using a csv file upload, user information can be updated for the application. For more details, see Reconciliation process

Request Life Cycle

Use the 'IDHub User module' to provide access to end-users of your organisation. To go to User module, chose the Userapp from the Left panel dropdown option near the logo

Roles for applications

For mass updates to a large group of employees under a specific umbrella like Sales Team, roles are used and upon request for a role, the application is provided as well. see Role Onboarding for more details

Other actions that can be performed:

  • Disable an application
  • Enable an application
  • Retire an application
  • Customise an application logo
  • Customise an application workflow
  • Customise an application form
  • Manually reconcile application information
  • Create an application reconciliation schedule
  • Perform an advanced synchronisation