Welcome to the IDHub Quick Setup Guide!
Within this guide, you will find the recommended first steps for getting your IDHub account configured and ready to review your employees' access.
The document is divided into 3 parts:
- Installing the product, for primary system administrators of the organisation
- Admin guide, for system administrators customizing features
- User guide, for users of the system, typically employees and contractors of the organisation
We recommend that all system administrators configure IDHub first, and then use authentication mechanisms for providing access to all users. If you happen to be a user, contact your system administrator about how best to log in to your account in IDHub, or visit our User Guide for more information.
IDHub provides single-license accounts to the entire organisation, so by default the first user is also the account admin.
Welcome, system administrators!
Hopefully you have procured IDHub, are looking to get started with configuring your account, and are ready for the larger, account-wide customization.
The details for each topic mentioned below are relatively long, but it is important to set up your account correctly so that all employees in your organization have a smoother experience when requesting access to any application. Doing so will also minimize the questions that come with adopting a new application.
Note: If you have any questions with regard to our features listed below, please contact Support.
For Primary Administrator
Below functions are needed:
For installation of IDHub in your self-hosted environment, please make sure the following steps are completed:
- The server environment has been set up.
- Docker has been installed as per IDHub system requirements.
- SSL Key is present.
- SSL Certificate is present.
- The IDHub version to be installed is known.
- The IDHub package for the version to be installed is downloaded.
If everything mentioned above is completed, let's get started with the installation!
Running Command Prompt
Firstly, open an elevated command prompt in your system to start the installation.
We advise using the commands shown in the Code Block below:
- It is advisable to move the file to the path /apps/idhub via command prompt.
- It is mandatory to decompress the tar file based on the IDHub version downloaded. You need to enter the IDHub version number in place of <version>.
- It is mandatory to map the SSL cert files using the commands shown below. Keep the names of the cert files exactly as shown, as those are defined in the application as part of its configuration.
- Install.sh is needed for installation in your environment.
- Run the commands as root or using sudo.
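    cd /apps/
    # -f: fail on HTTP errors, -L: follow redirects, -O: save under the remote file name
    curl -fLO https://download.sath.com/files/idhub-docker-<version>.tar.gz
    tar -xvzf idhub-docker-<version>.tar.gz
    # The target file names ssl.key and ssl.crt must stay exactly as shown
    cp </path/to/ssl.key> /apps/idhub-docker-<version>/config/nginx/ssl.key
    cp </path/to/ssl.crt> /apps/idhub-docker-<version>/config/nginx/ssl.crt
    cd /apps/idhub-docker-<version>/
    ./Install.sh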
You will receive an output like this:
"Stack is Up and Running"
Congratulations! At this point, you should have successfully completed installation of IDHub, in your environment.
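The SSL key and SSL certificate prerequisites can be verified before the files are copied into config/nginx/, so that a mismatched, expiring or over-exposed key is caught before Install.sh runs. The shell function below is an added example, not part of the IDHub package; the function name check_tls_pair, its return codes and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with IDHub): preflight check for the TLS key and
# certificate that the install steps copy to config/nginx/ssl.key and ssl.crt.
# Return codes are this sketch's own convention:
#   0 ok
#   1 a file is missing or empty
#   2 private key is readable by group or others
#   3 private key does not match the certificate
#   4 certificate expires within min_days
#   5 openssl is not installed
check_tls_pair() {
    key=$1
    crt=$2
    min_days=${3:-30}    # assumed threshold; adjust to local policy

    # Both files must exist and be non-empty.
    [ -s "$key" ] && [ -s "$crt" ] || return 1

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should have none of them set (for example mode 600).
    [ "$(ls -Lld "$key" | cut -c5-10)" = "------" ] || return 2

    command -v openssl >/dev/null 2>&1 || return 5

    # The public key embedded in the certificate must equal the public key
    # derived from the private key, otherwise nginx cannot serve the pair.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$crt_pub" = "$key_pub" ] || return 3

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 4
    return 0
}

# Stand-alone use: sh check_tls_pair.sh /path/to/ssl.key /path/to/ssl.crt
if [ "$#" -ge 2 ]; then
    rc=0
    check_tls_pair "$1" "$2" || rc=$?
    echo "check_tls_pair returned $rc"
fi
```

A return code of 2 means the source key file is readable beyond its owner; tighten its mode before copying it into the IDHub directory.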
IDHub currently has two modules, which are used by two different user bases: End-users & Administrators. To utilize all functionalities, the primary user should perform the below functions:
Step 1: Setting up User Base
This is a three-step process:
Milestone 1: Federating the User Base Application
- Before on-boarding your first application, you need to set up Keycloak to fetch users into your IDHub Keycloak instance. This is required to perform continuous synchronizations with your user data authentication source. Application Management Explained.
Milestone 2: Setting up Your First Application
- After users are connected and entered into the IDHub Keycloak instance, you will need to connect those users to IDHub applications, in order for them to use IDHub.
- Add an Application Explained.
- This Application should be one for which all user (or employee) information will be synchronized within IDHub in a timely manner. This should be a connected Application.
- In the event you do not have an existing application for your existing user base, you can onboard a disconnected application.
- The following user fields are mandatory for your trusted application:
  - Login - This field will be used by all the users to log in to IDHub.
  - Email Address - This field will be used to send all related notifications within IDHub.
  - Manager Login - This field will be used to send tasks to respective managers upon requests, depending on the workflow.
  - Display Name - This field will help in showing user information in the Search Catalog.
  - Manager Display Name - This field will be used for adding proxies.
In the event that one Application does not contain all the necessary fields and information, you would then need to create multiple Applications to fetch the above information, from across various places.
E.g.: You are getting:
- From LDAP - user login and display name, which is only your trusted user data source
- From Workday (or any other HR Application) - user email address, manager login, and manager display name, which is also your trusted data source
In this case, IDHub advises adding two Applications, both as trusted Applications for various user fields.
However, one thing needs to be taken care of:
- Trusted fields should not be the same in both Applications, as data overrides may happen due to a mismatch of data between the two trusted Applications.
Milestone 3: Reconciling the Data
- For Connected Applications:
  - You'll need to schedule the synchronization and auto-reconciliation - IDHub Scheduled Jobs Explained.
- For Disconnected Applications:
  - You'll need to prepare and upload the file in your on-boarded Application to synchronize users - Manual Reconciliation Explained.
Step 2: Setting up Existing Accesses of Users
Milestone 1: Collect All Applications and Entitlements in the Organization
- To set up the accesses that users already have, you need to list all Applications and the permission levels within each Application.
- Next, you'll need to map all users in the organization, with each of those accesses.
- New Features of IDHub:
- Custom Forms in applications
- Custom Workflows
Need help in Implementations?
If you need any assistance to perform the above tasks, contact our IDHub Implementation Team. Our experts are happy to assist with IDHub!
Milestone 2: Bulk On-board
- You'll need to on-board all Applications and Entitlements into IDHub, with our Bulk On-board functionality - Bulk Upload Applications Explained.
Step 3: Create a Role Based Access Control (RBAC) System
Milestone 1: Freeze Roles in the Organization
- Create an xls sheet with Role names, Role Owner, and a list of Applications and Entitlements for each.
- Create a condition to which each Role can be auto-assigned. (If any rule exists: example - only US Illinois branch users will receive Role no. 45)
- Map each user to the Roles
Milestone 2: Onboard Bulk Roles
- Insert information of Roles in the bulk Role template in Admin Module of IDHub
- Approve and on-board the Roles into IDHub
Step 4: Make Administrators
Milestone 1: Request 'System Administrator' Role for other users
- Go to Search Catalog
- Search for "System Administrator" Role
- Add to cart
- Click on cart and proceed to cart details page
- Add users who you'd like to make administrators
- Submit justification and request for Admin Access
- Go to tasks page for approving the admin access request (As an 'Access Manager')
This should create new admins with their dedicated Keycloak credentials and Admin Module access.
Step 5: Share IDHub with Admins and Users
Milestone 1: Share IDHub Login and Password with All Administrators and Users
- Get IDHub Login page URL
- Get the user credentials from Keycloak (only userids should be fine)
- Share the information with all the admins and users of your organization
Congratulations! Every Admin and User will now be able to use IDHub.
Once the setup is completed, each user base can get started. To know more, go to the respective "Getting Started" sections - Getting Started as a System Administrator and Getting Started as an End-User.
The following roles are found in a typical IDHub Environment:
System Administrator Role (An Admin Role)
Users with this Role receive access to the IDHub Admin Module.
Administrator Role privileges are listed below:
- Explore the Admin Dashboard
- Explore & Manage Catalog items
- Create new Application
- Create New Roles
- Review Requests
- Reconcile access data for your application
- Create custom workflows for Applications, Role and Service Requests
- Create custom forms for application, roles or service requests
- Create New Service Request
- Manage out-of-the-box roles and service requests
- Manage email notifications
- Create and manage certifications processes
- Setup administrative configurations, emails and other settings
- Login to Keycloak and manage User Federations
Users who need approval rights, without being an Admin, can be assigned the Access Manager Role.
Access Manager Role privileges are listed below:
- Approve New Application requests
- Approve Modification requests for Application
- Approve New Role requests
- Approve Modification requests for Role
- Approve New Service Request requests
- Approve Modification requests for Service Request
- Approve New Certification definition requests
- Approve Modification requests for certification definitions
Users who do not require approval rights can be assigned the End-User Role.
End-User Role privileges are listed below:
- Login & Home Page
- View your Profile in IDHub
- Search Catalog
- Access Request
- Approve/ Reject Tasks
- Certify Users
- Save & Share List
- Manage Proxies
- Revoke Accesses
If you have completed the above points, you are done with the setup of IDHub for your organisation. Next is configuring IDHub and its workflows based on your specific needs. For that, see the system administrator functions below.
For other administrators (other than the primary)
To configure IDHub, onboard users, and get them set up in IDHub
What are Service Requests?
Service Requests are used for managing IT and Operational related services, and assist organizations by helping to facilitate tangible and intangible services, used within the business, which can be requested by any user within IDHub.
Service Requests empower organizations by standardizing IT and operational processes and commonly requested services, as well as provide detailed tracking related to those requests.
IDHub Service Requests are broken down into the following categories:
- In-House Requests
- Travel & Accommodations
- User Modifications
- Device Request
- Office Equipment
- Safety Equipment
- Telecom Equipment
- Other Requests
Below are some commonly used Service Requests:
- Document Creation
- Simple Graphics
- Promotional Materials
- Policy Document Update
- Time-Sheet Update
- Create a User
- Modify a User
- Terminate a User
- Lock Account
- Password Resets
Who can create Service Requests?
System Administrators and Access Managers have permissions to create any type of Service Request needed within their organization. However, IDHub can be configured to provide these permissions to any Role, as needed.
IDHub offers a few out-of-the-box Service Requests, related to the User Life-cycle, which can be modified if needed:
- Create New User
- Disable/Enable User
- Modify User
- Remove User
- Reset Password
How can I create a Service Request?
Adding a new Service Request is a breeze with IDHub. Simply log in with admin credentials, navigate to the “Service Request” page, and click on “Create Request”.
After clicking on "Create Request", the Service Request creation wizard will open, allowing you to enter the required information:
- Service Request Type
- Request Name
- Approval Workflow
Approval Workflows have their own dedicated wizard, used to create any Custom Approval Workflow imaginable. When configuring an Approval Workflow, you can choose what category(s) the workflow will be used for. Service Requests are a category.
If the Approval Workflow needed for the new Service Request is not shown as an option, you will need to go into the workflow you choose, and add "Service Request" to the category drop-down. This will allow that specific Approval Workflow, to be a choice when creating a new Service Request.
Custom Forms can be attached to Service Requests, requiring the user who is requesting, to complete the form as part of the request process.
If you choose to use a Custom Form, you can either create a new form, or select a pre-existing form.
Custom Forms are not required.
Who approves the newly created Service Request?
Only Access Managers have the permissions to approve newly created Service Requests, before they become available for users to request.
Once the new Service Request has been submitted, an Access Manager will receive a task to approve the new Service Request.
Once approved, the Service Request will be available on the "Search Catalog" page, along with all other active requestable resources, for users to request. (As long as it was configured as "Requestable")
How can I track my request to create a new Service Request?
Tracking any request can be done from the "Requests" page, within any IDHub user account.
Simply click on the specific request, and easily view all details regarding the request process.
Note: In the below image, Jerome is an Access Manager, and he created this new Service Request, which is why he also "Claimed" and "Approved" the task to create the new Service Request, "Key Card Access".
Administrators can also manage the email templates that are present in IDHub.
How can I set up my own SMTP email?
You can add your own SMTP setup details from the 'Admin Settings' tab.
Go to the 'Email Configuration' sub-tab from the list.
Click on Edit to customise your information.
How can I manage existing templates?
To manage templates, click on 'Email Templates' in the left panel.
You can create your own template by clicking on the 'Create New' button.
You can add custom attributes and edit templates as per your organisation's needs, with custom logos and texts.
You can also use 'Code View' for an existing email template and re-use it as needed.
Click on 'Activate' to create and use the template.
How can I view the mails sent for each template type?
IDHub also provides an option to review sent mails for each template.
Click on View for any existing template from the list view.
There are 2 tabs when viewing an Email Template:
Here, details of the template and a preview of how it will be sent are shown.
In the Logs tab, you can search the mails sent by user, email, date, or status. The complete list is provided so that admins can get a preview in case more information is needed.
Purpose of the Document
In this document, we discuss how to create a new custom workflow.
How to create a New Custom Workflow
To do this, go to the workflows section (you need the System Administrator role in order to access this section). By default, the system shows the out-of-the-box workflows that are already present in IDHub under the Workflow Tab.
As shown in the screenshot below, on the right-hand side of the page, there is a “Create Workflow” button.
When you click on that button, a separate page opens, which is the custom workflow editor.
After you click on the Create Workflow button, IDHub shows you the Workflow editor section, as shown in the screenshot below:
The different sections of this page are described below:
Name of the Custom workflow
At the top left section of the editor, there is a small pencil icon. If you click on that icon, the system shows the following in a right-hand side panel (shown in the screenshot below).
In the right-hand side panel, you are supposed to enter the following details about the custom workflow that you are going to create.
- Workflow name* (this is mandatory)
- Category (drop-down) (this is mandatory)
When you click on the category, the system shows the following options:
You can go ahead and select one or more categories from the options provided.
- Request states
- Select custom form (if there are any custom form associated with the workflow, then you can select it from the drop-down)
Then we have the nodes section as is shown in the screenshot below:
For a comprehensive understanding of IDHub, if you are a user (an employee of an organisation) who wishes to request access to applications and permissions, follow our User Guide for more information.