One of the primary functions of a System Administrator is to manage Applications.

What is an Application?

Application is a target system that an enterprise is using and wishes to manage permissions and account of.

IDHub can integrate with thousands of applications to manage provisioning and de-provisioning of all enterprise users. For a connected application (for which an active integration is present), IDHub monitors and maintain the connection to manage accounts and their permissions for the application.

IDHub provides an option for system administrators to:

  • Connect applications to IDHub for seamless request accounts and permissions with the application from IDHub platform
  • Add disconnected applications within IDHub along with list of entitlements for each application that can be manually fulfilled by an IT Team
  • Onboard all the applications (Both connected and disconnected) via a single file upload

After the application is customised to the organisation's needs, end users can:

  • Request the application through a centralised catalog repository with a shopping cart experience

System administrators can use our custom connectors to connect to other applications and pull data into IDHub directly. To know more about the connectors, see the Connectors page

IDHub provides integrations for:

  • On cloud apps for provisioning and deprovisioning
  • On premise web-based applications
  • On premise support for applications that exposes APIs publicly for provisioning

Connected Applications

The system administrator can connect to any applications for which connectors are made or APIs are exposed. The connection can be established either by:

  • Single application onboard (via wizard) OR
  • Bulk application onboard (via file upload)

In both the cases, administrator needs to make sure that the connection is established with a pre-existing connector in IDHub or a custom connector is built by support team.

IDHub asks for credentials for the application to establish the link. IDHub stores the credentials and uses it to validate the connection.

Once key is validated, all the attribute information and entitlement information is pulled into IDHub and managed.

While configuring the application, you can setup the application so that:

  • Attribute specific synchronisation is happened between IDHub and the application
  • Entitlement specific synchronisation is present
  • Customise user response form which is specific to the application that the end-user fills every time they request for the application
  • Customise workflow that can have it's own level of approvals with customised forms attached at each level as desired
  • Automated fulfilment and creation/revocation of accounts
  • Automation fulfilment of user attributes with applications (If the application is a trusted application - From where user information is coming)
  • Automated fulfilment of account's entitlements (permissions) with the application
  • Upstream synchronisation: Below options will be present for each application:
    • Do not update any information
    • Update account only
    • Update user attributes only
    • Update both account and user attributes
  • Downstream synchronisation:
    • Do not update any information
    • Update account only
    • Update user attributes only
    • Update both account and user attributes

This will help users in synchronising only desired attributes into user profile in IDHub and vice-versa.

Note: There are many organisations which have user information coming from multiple applications. It is important to configure attribute synchronisation keeping in mind that the attributes synchronisation do not overlap between those applications 

Sensitive applications

For sensitive applications, IDHub provides an option to not be requested by any end-user and the application can be provided via Role based access and certain conditions only.

Password Changes

If the administrator password gets changed, below steps will need to done to re-establish the connection with the connector:

  1. Go to Manage Catalog page
  2. Click on Edit icon for the application that has lost the connection
  3. Change the password in the Connection details section in the wizard
  4. Submit the application request again for approval by Access Manager group
  5. Once approved, the password will be changed and the connection will be restored

The Reveal Password feature is disabled while editing the application, as any administrator with access to managing the application can edit the application and will not have access to the password.

More about IDHub Provisioning

IDHub Application Life Cycle has many functionalities within itself. It includes:

  • Importing application information into IDHub
  • Setting up access-request flow for the application
  • Setting up custom forms required in the access-request flow
  • Setup roles associated with the application
  • Configure birth-right rules for set of applications present in a role
  • Provisioning to and from applications
  • De-provisioning to and from applications
  • Reconciliation of information from application to IDHub and vice-versa
  • Disable/ Enable an application for temporary access-restriction
  • Retiring of an application

The above functionalities follow the commonly used principle of CRUD - Create, Read, Update and Delete user accounts in an application

IDHub Triggers

During the employee life cycle in an organisation, there are various stages in which access related information needs to be updated. Some of them are:

  • Joining in the organisation
  • Promotions & Demotions
  • Employee position or role change
  • Application license expiration
  • Employee Termination
  • Employee Rehires etc.

During all the above life cycle changes, IDHub roles and certification process can be defined to trigger a automatic account update based on the event.