IDHub currently has 2 modules, used by 2 different user bases: End-users and Administrators. To make all the functionality available, the primary user needs to complete the steps below:

Step 1: Setting up User base:

This is a 2 step process.

Milestone 1: Federating the user base application

  • Before onboarding your first application, you need to set up Keycloak to fetch users into your IDHub Keycloak instance. This is required to perform continuous synchronisation with your user data authentication source. - Click here to authenticate and connect your application

Milestone 2: Setting up your first application in IDHub

  • After the users are connected and have entered the IDHub Keycloak instance, those users need to be connected to the IDHub application so that they are ready to log in and use IDHub.
  • To do that, onboard your first application using the 'Application Onboarding' functionality of IDHub - Click here to know more about onboarding applications
    • This needs to be the application whose user (or employee) information will be synchronised with IDHub in a timely manner - onboard a connected application for this
    • In case you do not have an existing application for your existing user base, you can onboard a disconnected application
    • The following user fields are mandatory for your trusted application:
      • Login - This field will be used by all the users to log in to the IDHub application
      • Email Address - This field will be used to send all notifications for the various activities performed with the application
      • Manager Login - This field will be used to send tasks to the respective managers upon requests, depending on the workflow
      • Display Name - This field will help in showing user information in the Search catalog
      • Manager Display Name - This field will be used in adding proxies for a person

Field Mapping

If one of your applications does not contain all the necessary fields and information, you need to create multiple applications to fetch the above information from the various sources.

E.g.: You are getting:

  • From LDAP, user login and display name only, which is your trusted user data source AND
  • From Workday or any other HR application, the user's email address, manager login and manager display name, which is also your trusted data source

In this case, IDHub advises adding 2 applications and keeping both as trusted applications for their respective user fields.

However, take care of the following:

  • Trusted fields should not be the same in both applications, because a mismatch of data between the 2 trusted applications can cause data overrides
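
The check described above can be run on a planned field mapping before either application is onboarded. The following is an added example, not IDHub code: it flags fields marked trusted in more than one application, mandatory fields that no application supplies, and the users whose values would actually be overridden. The application names, the sample rows and the use of "Login" as the key that correlates rows across sources are assumptions.

```python
# Added example (not IDHub code). Application names, sample rows and the
# "Login" correlation key are assumptions made for illustration.
MANDATORY_FIELDS = {"Login", "Email Address", "Manager Login",
                    "Display Name", "Manager Display Name"}

def check_trusted_mapping(trusted):
    """trusted: {application name: set of fields marked trusted in it}.
    Returns (overlaps, missing): fields trusted by more than one application,
    and mandatory fields that no application is trusted for."""
    owners = {}
    for app, fields in trusted.items():
        for field in fields:
            owners.setdefault(field, []).append(app)
    overlaps = {f: sorted(apps) for f, apps in owners.items() if len(apps) > 1}
    missing = sorted(MANDATORY_FIELDS - set(owners))
    return overlaps, missing

def find_override_conflicts(records, overlaps, key="Login"):
    """records: {application name: list of row dicts exported from it}.
    Returns (user, field, {app: value}) for every user whose value for a
    doubly trusted field differs between the applications."""
    conflicts = []
    for field in sorted(overlaps):
        seen = {}  # user key -> {application: value}
        for app in overlaps[field]:
            for row in records.get(app, []):
                seen.setdefault(row[key], {})[app] = row.get(field)
        for user in sorted(seen):
            if len(set(seen[user].values())) > 1:
                conflicts.append((user, field, seen[user]))
    return conflicts

# Constructed sample: "Display Name" is (wrongly) trusted in both sources.
TRUSTED = {
    "LDAP": {"Login", "Display Name"},
    "HR": {"Email Address", "Manager Login", "Manager Display Name",
           "Display Name"},
}
RECORDS = {
    "LDAP": [{"Login": "jdoe", "Display Name": "John Doe"},
             {"Login": "asmith", "Display Name": "Ann Smith"}],
    "HR": [{"Login": "jdoe", "Display Name": "Jonathan Doe"},
           {"Login": "asmith", "Display Name": "Ann Smith"}],
}

if __name__ == "__main__":
    overlaps, missing = check_trusted_mapping(TRUSTED)
    print("doubly trusted:", overlaps, "| missing mandatory:", missing)
    for user, field, values in find_override_conflicts(RECORDS, overlaps):
        print(f"override risk for {user}: {field} = {values}")
```

An empty `overlaps` result together with an empty `missing` list means the two trusted applications cover all five mandatory fields without competing for any of them.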

Milestone 3: Reconciling the data

  • If it is a connected application, you need to schedule the synchronization, and auto-reconciliation will happen at that time - Click here to know more about IDHub Scheduled Jobs
  • If it is a disconnected application, you need to prepare a file and upload it to your onboarded application to synchronize users - Click here to know more about Manual reconciliation

Step 2: Setting up existing accesses of users:

Milestone 4: Collect all applications and entitlements in the organization

  • To set up the accesses that users already have, list all applications and the permission levels within each application
  • The next step is to map all users in the organization to each of those accesses
  • You can also make use of new features of IDHub:
    • Custom Forms in applications
    • Custom Workflows

Need help with implementation?

If you need any assistance to perform the above tasks, contact our IDHub Implementation team for a project-based implementation of IDHub for your organization. Our experts would be happy to help you make the best use of IDHub!

Milestone 5: Bulk Onboard

  • Onboard all the applications and entitlements in IDHub with our Bulk Onboard functionality - Click here to know more about that

Step 3: Create a Role Based Access Control (RBAC) system

Milestone 6: Freeze roles in the organization

  • Create an xls sheet with Role names, Role Owner, and the list of applications and entitlements for each
  • Create a condition under which each role can be auto-assigned (if any such rule exists, e.g. only US Illinois branch users will get Role no. 45)
  • Map each user to the roles

Milestone 7: Onboard Bulk Roles

  • Insert the role information in the bulk role template in the Admin module of IDHub
  • Approve and onboard the roles into IDHub

Step 4: Make Administrators

Milestone 8: Request 'System Administrator' Role for other users

  • Go to Search Catalog
  • Search for 'System Administrator' role
  • Add to cart
  • Click on the cart and proceed to the Cart details page
  • Add the users you want to make administrators
  • Submit a justification and request Admin Access
  • Go to the Tasks page to approve the admin access request (as an 'Access Manager')

This should create new admins with their dedicated Keycloak credentials and Admin module access.

Step 5: Share IDHub with Admins and Users

Milestone 9: Share IDHub Login and Password with all administrators and users

  • Get all IDHub Login page URLs
  • Get the user credentials from Keycloak (only userids should be fine)
  • Share the information with all the admins and users of your organization

Congratulations! All Admins and Users will now be able to use IDHub.

Once the setup is completed, each user base can get started. To learn more, go to the respective 'Getting-started' sections.

User Roles

The following roles are found in a typical IDHub environment.

System Administrator Role (An Admin Role)

A user with this role gets access to the IDHub Admin module. All the functions of an administrator can be performed with this role.

System Admins can...
  • Explore the Admin Dashboard
  • Explore & Manage Catalog items
  • Create New Applications
  • Create New Roles
  • Review Requests
  • Reconcile access data for your application
  • Create custom workflows for Applications, Role and Service Requests
  • Create custom forms for application, roles or service requests
  • Create New Service Requests
  • Manage out-of-the-box roles and service requests
  • Manage email notifications
  • Create and manage certification processes
  • Set up administrative configurations, emails and other settings
  • Log in to Keycloak and manage User Federations

Access Manager

Users who need approval rights without being administrators can be given this role. They are assigned Access Manager role privileges and can perform the following:

Access Managers can...
  • Approve New Application requests
  • Approve Modification requests for Application
  • Approve New Role requests
  • Approve Modification requests for Role
  • Approve New Service Request requests
  • Approve Modification requests for Service Request
  • Approve New Certification definition requests
  • Approve Modification requests for certification definitions

End-User

Users who require, approve or certify access to systems. They can view profiles, access catalogs, and manage access-related fulfillment or approval tasks using the UserApp.

Users can...
  • Login & Home Page
  • View your Profile in IDHub
  • Search Catalog
  • Access Request
  • Approve/Reject Tasks
  • Certify Users
  • Save & Share List
  • Manage Proxies
  • Revoke Accesses