There are 2 ways to onboard applications into IDHub:
- Single Application Onboarding
- Bulk Application Onboarding
Single Application On-boarding
An application can be either:
- Connected to IDHub
- Disconnected from IDHub
What is a Connected Application?
A connected application provides the following functions:
- New Accounts - An account is created automatically once requested by any member of your organization via IDHub
- Revoke Accounts - Auto-revocation of accounts happens seamlessly, without any manual interaction with the system
- Synchronizations - Auto-validation of user access and timely synchronizations can happen with the connected system
- Criteria based Synchronizations - A specific user sync can also be requested to avoid mass synchronizations from an application to IDHub
What is a Disconnected Application?
A disconnected application behaves as follows:
- New Accounts - Someone from your organization would need to manually copy and paste the user information into your application and create an account for the requester
- Revoke Accounts - Someone from your organization would need to manually go and revoke the user account from your application
- Synchronizations - No synchronizations occur automatically for this application. Reconciliation can be used to update IDHub information based on application data
- Criteria based Synchronizations - This feature is not available for a disconnected application
How do I on-board my Connected Application for which a connection has been established?
To onboard an application, a connection needs to be established between your application and IDHub. For example, see Establish a Connection with Your LDAP Application Explained.
If you have established the connection, the first step is requesting the application:
Requesting an Application
- Log in to the IDHub application with Administrator credentials
- Go to Manage Catalog Page
- Click on the Application drop-down
- Click on the Add Single Application option
- You will be navigated to the Application Onboarding section
- Upload a Logo for the application (if any)
- Add the Application Name (Make sure to add it correctly, as it will be displayed across IDHub and cannot be edited later)
- Enter Description
- Enter Search Keywords (For easy identification at a later stage)
- Add to Role - If you want to associate with an already added Role
- Add to Collection - If you want to associate with an already added Collection
- Business Owner - The one that has business ownership of this application
- IT Owner - The one that would be solely responsible for the functioning of this application
- IDM - Select which IDM version you want to associate this application with (as IDHub can associate itself with multiple IDMs at the same time, you can choose which one to associate the application with)
- Choose 'Connected' from the Integration Level drop-down
- Enter the Connection URL that was identified while establishing the connection for the application (see the Application.yml file for your chosen connected app)
- Choose the authentication type:
  - OAuth2 Authentication
- Select Trusted Reconciliation as:
  - Yes - If you wish to onboard users to IDHub from this Application via Reconciliation. To know more about it, go to the IDHub Guide
  - No - If you do not wish to add users into IDHub from this Application via Reconciliation
- Choose a scheduler time, as per your need, at which you wish to have periodic synchronizations between IDHub and your Application
Note: Every time a reconciliation scheduler runs, a log is created in the Reconciliation log section of the application. Details of the scheduled job can be viewed there.
- Choose a workflow as desired from the list of workflows that IDHub supports
- Choose Tags for Certification (if needed to identify later)
- Choose a Risk level (for identification later)
- Select Requestable - If you wish to make it requestable by others in your organization
Click on Next after adding all the above information.
- If the authentication is validated, you will be moved to the Attribute page; otherwise, you will need to enter the correct information
Things to Note:
- All the fields may be synchronized from the application itself (if the connection is established as per the recommended steps) by clicking the "Fetch Attribute" button
- You will have the ability to edit attributes in this section
- You need to have at least 1 Reconciliation Key and 1 Unique Field in your attribute list to move forward
- Complete all the required and non-required attribute information to proceed
- All the fields may be synchronized from the application itself (if the connection is established as per the recommended steps) by clicking the "Fetch Entitlements" button
- You will have the ability to edit entitlements in this section
- This page is not mandatory to fill in for disconnected apps
- For connected apps, once entitlements are fetched, the required data will be auto-filled for your convenience. If you wish to alter anything, you can.
- You need to submit a justification to request the application
Congratulations! The request for Onboarding an Application is completed at this stage.
Approving the Requested Application
To approve the onboarding of the application, you need to:
- Log in as a user that has the 'Access Manager' Role (see Getting Started as an Access Manager Explained)
- Go to the Tasks Page
- Claim the added Application
- Approve the added Application
- Log out of IDHub and log in as the requester
- Navigate to Manage Catalog
- You will be able to see the added Application there
Validation of Application On-boarding
- Go to the Search Catalog Page (if you had made the application Requestable)
- Request the On-boarded Application
- Complete the Workflow that was chosen
  - If Auto-approval - Go to My Profile of the requested user and view the application
  - If Manager-Approval - Go to the Manager to approve the request and complete the workflow
  - If Group Approval - Go to the individual Group members to approve the request and complete the workflow
- Once the Workflow is completed and validated in the Requests Page by the requester, the application can be seen in the My Profile Section too
- Click on the Application in the My Profile Section and see the Provisioned Status in the Right Hand Side Panel
- Go to your Application and check that the user account was created with the desired account name
Congratulations! You have successfully established a Connected System into IDHub.
You are ready to release IDHub to the rest of the members of your company.
Have you on-boarded your company employees into IDHub? See On-board New Users into IDHub Explained.