Welcome to the IDHub Quick Setup Guide!

Within this guide, you will find the recommended first steps for getting your IDHub account configured and ready to review your employees' access.

The document is divided into 3 parts:

  • Installing the product for primary system administrators of the organisation

  • Admin guide for the system administrators for customizing features

  • User guide for users of the system, typically employees and contractors of the organisation

We recommend that all system administrators configure IDHub first, and then use authentication mechanisms for providing access to all users. If you happen to be a user, contact your system administrator on how best to log in to your account in IDHub, or visit our User Guide for more information.

IDHub provides single-license accounts to an entire organisation, so by default the first user is also the account admin.

Admins

Welcome, system administrators!

Hopefully you have procured IDHub, are looking to get started with configuring your account, and are ready for the larger, account-wide customization.

The details for each topic mentioned below are relatively long, but it is important to set up your account correctly so that all employees in your organization have a smoother experience when requesting access to any application. It will also minimize the questions that come with adopting a new application.

Note: If you have any questions with regard to our features listed below, please contact Support.

For Primary Administrator

The following functions are needed:

Install IDHub

To install IDHub in your self-hosted environment, please follow the steps below:

Prerequisites

  • The server environment has been set up

  • Docker has been installed as per IDHub system requirements.

  • SSL Key is present

  • SSL Certificate is present

  • The IDHub version to be installed is known.

  • The IDHub package for the version to be installed is downloaded.

If all of the above are completed, let's get started with the installation!

Running Command Prompt

First, open an elevated command prompt on your system to start the installation.

Use the commands shown in the code block below, keeping the following in mind:

  • It is advisable to move the file to the path /apps/idhub via the command prompt.

  • It is mandatory to decompress the tar file for the IDHub version downloaded. Enter the IDHub version number in place of <version>.

  • It is mandatory to map the SSL cert files with the copy commands shown below. Keep the names of the cert files exactly as shown, because they are defined in the application as part of its configuration.

  • Install.sh is needed for installation in your environment.

  • Run the commands as root or using sudo.

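# Run as root or with sudo
cd /apps/
# -O saves the archive under its remote file name instead of printing it to the terminal
curl -O https://download.sath.com/files/idhub-docker-<version>.tar.gz
tar -xvzf idhub-docker-<version>.tar.gz

# Keep the target file names ssl.key and ssl.crt; the application configuration expects them
cp </path/to/ssl.key> /apps/idhub-docker-<version>/config/nginx/ssl.key
cp </path/to/ssl.crt> /apps/idhub-docker-<version>/config/nginx/ssl.crt

cd /apps/idhub-docker-<version>/
./Install.sh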

You will receive an output like this:

"Stack is Up and Running"

Congratulations! At this point, you should have successfully completed the installation of IDHub in your environment.

Create a new tenant

To start IDHub, the first user, who is the account admin, will need to create a new tenant for themselves in their self-hosted environment. To do that, perform the steps below.

Navigation to Setup Page 

After installing IDHub, navigate to the Registration and Setup page.

Navigate to https://<idhub.fqdn>/idhub/admin.

Procure Tenant Admin Login Password

After navigating to https://<idhub.fqdn>/idhub/admin, you will be asked to enter the Tenant Login Password.

Procure Your Password Here.

Setup Step 1: Register Account in IDHub

Fill out the Register form.


Note that:

  • The username entered will be used for login, and should be written down and remembered.

  • The Password entered should be the same as the Confirm Password.

Setup Step 2: License Activation and Validation

Currently, IDHub provides two types of licenses: a free 30-day trial license and annual licenses.

If you have purchased a plan or received a free trial license key, enter the license key information.

In the event license validations are unsuccessful, contact our IDHub Team for more information.

Setup Step 3: Terms and Conditions

After validating your license, the final step is the terms and conditions section.

Accept the terms and conditions of the agreement to continue. You can also download the terms and conditions in PDF format for your records.

Setup Step 4: Review Summary and Start Installation

Finally, review the summary of your account and plan to obtain a licensed installed instance of IDHub, which will be ready for setup.


  • Once the install is completed, you will automatically be redirected to the IDHub login page, where you can enter your credentials which were used on the Register Page.

Next Steps

At this point, you should have successfully installed IDHub, as well as logged into IDHub, as the first user.

You can now start setting up your organization, by doing the following activities:

  • On-Boarding Users:

    • Keycloak Setup

    • Establish connection with a connector

  • On-boarding Applications

  • Setting up new Roles

  • Request for Roles and Applications

  • Create other Administrators

You can now start Setting Up Your Organization.


Need more help?

Folks at IDHub are ready to support you.


Setup your organisation

IDHub currently has two modules, which are used by two different user bases: End-users & Administrators. To utilize all functionalities, the primary user should perform the below functions:

Step 1: Setting up User Base

This is a three-step process:

Milestone 1: Federating the User Base Application
  • Before on-boarding your first application, you need to set up Keycloak to fetch users into your IDHub Keycloak instance. This is required to perform continuous synchronizations with your user data authentication source. Application Management Explained.
Milestone 2: Setting up Your First Application
  • After users are connected and entered into the IDHub Keycloak instance, you will need to connect those users to IDHub applications, in order for them to use IDHub.
  • Add an Application Explained.
    Note:
    • This Application should be one for which all user (or employee) information will be synchronized within IDHub in a timely manner. This should be a connected Application.
    • In the event you do not have an existing application for your existing user base, you can on-board a disconnected application.
    • The following user fields are mandatory for your trusted application:
      • Login - This field will be used by all the users, to login to IDHub.
      • Email Address - This field will be used to send all related notifications within IDHub.
      • Manager Login - This field will be used to send tasks to respective managers upon requests, depending on the workflow.
      • Display Name - This field will help in showing user information in the Search Catalog.
      • Manager Display Name - This field will be used for adding proxies.

Field Mapping

In the event that one Application does not contain all the necessary fields and information, you will need to create multiple Applications to fetch the above information from the various places where it is held.

E.g.: You are getting:

  • From LDAP - user login and display name, which is your only trusted user data source
  • From Workday (or any other HR Application) - user email address, manager login, and manager display name, which is also your trusted data source

Then:

  • IDHub advises adding two Applications, both as trusted applications for various user fields.

However, take care of the following:

  • Trusted fields should not be the same in both Applications, because a mismatch of data between the two trusted Applications can cause data overrides.
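
A pre-flight check for a field plan like the one above, as an added example (not part of IDHub): it flags mandatory fields that no trusted Application supplies and fields trusted in more than one Application, then lists the users whose values actually differ. The Application names, the plan layout and the sample records are constructed, and records are assumed to be keyed by a shared user key.

```python
# Added example, not IDHub code: check a trusted-application field plan.
MANDATORY_FIELDS = {
    "Login", "Email Address", "Manager Login",
    "Display Name", "Manager Display Name",
}


def check_trusted_plan(plan):
    """plan maps application name -> set of fields it is trusted for.

    Returns (overlaps, missing): fields trusted in more than one application,
    and mandatory fields that no application supplies.
    """
    owners = {}
    for app, fields in plan.items():
        for field in fields:
            owners.setdefault(field, []).append(app)
    overlaps = {f: sorted(apps) for f, apps in owners.items() if len(apps) > 1}
    missing = sorted(MANDATORY_FIELDS - set(owners))
    return overlaps, missing


def override_risks(plan, records):
    """records maps application -> {user key -> {field: value}}.

    For every field trusted in more than one application, list the users whose
    values differ between those applications. These are the values that could
    flip depending on which reconciliation ran last.
    """
    overlaps, _ = check_trusted_plan(plan)
    risks = []
    for field, apps in sorted(overlaps.items()):
        users = set().union(*(records.get(app, {}).keys() for app in apps))
        for user in sorted(users):
            seen = {app: records[app][user][field]
                    for app in apps
                    if field in records.get(app, {}).get(user, {})}
            if len(set(seen.values())) > 1:
                risks.append((user, field, seen))
    return risks


# The split described above: each field is trusted in exactly one application.
GOOD_PLAN = {
    "LDAP": {"Login", "Display Name"},
    "Workday": {"Email Address", "Manager Login", "Manager Display Name"},
}
# Constructed mistake: Display Name trusted twice, Manager Display Name dropped.
BAD_PLAN = {
    "LDAP": {"Login", "Display Name"},
    "Workday": {"Email Address", "Manager Login", "Display Name"},
}
# Constructed sample records, keyed by an assumed shared user key.
SAMPLE_RECORDS = {
    "LDAP": {
        "jdoe": {"Login": "jdoe", "Display Name": "Jane Doe"},
        "asmith": {"Login": "asmith", "Display Name": "Al Smith"},
    },
    "Workday": {
        "jdoe": {"Email Address": "jdoe@example.com",
                 "Manager Login": "asmith", "Display Name": "Doe, Jane"},
        "asmith": {"Email Address": "asmith@example.com",
                   "Manager Login": "asmith", "Display Name": "Al Smith"},
    },
}

if __name__ == "__main__":
    print(check_trusted_plan(GOOD_PLAN))
    print(check_trusted_plan(BAD_PLAN))
    print(override_risks(BAD_PLAN, SAMPLE_RECORDS))
```
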
Milestone 3: Reconciling the Data


Step 2: Setting up Existing Accesses of Users

Milestone 1: Collect All Applications and Entitlements in the Organization

  • To set up the accesses that users already have, you need to list all Applications and the permission levels within each Application.
  • Next, you'll need to map all users in the organization, with each of those accesses.
  • New Features of IDHub:
    • Custom Forms in applications
    • Custom Workflows

Need help in Implementations?

If you need any assistance to perform the above tasks, contact our IDHub Implementation Team. Our experts are happy to assist with IDHub!

Milestone 2: Bulk On-board

Step 3: Create a Role Based Access Control (RBAC) System

Milestone 1: Freeze Roles in the Organization
  • Create an xls sheet with Role names, Role Owner, and a list of Applications and Entitlements for each.
  • Create a condition to which each Role can be auto-assigned. (If any rule exists: example - only US Illinois branch users will receive Role no. 45)
  • Map each user to the Roles
Milestone 2: Onboard Bulk Roles
  • Insert information of Roles in the bulk Role template in Admin Module of IDHub
  • Approve and on-board the Roles into IDHub

Step 4: Make Administrators

Milestone 1: Request 'System Administrator' Role for other users
  • Go to Search Catalog
  • Search for "System Administrator" Role
  • Add to cart
  • Click on cart and proceed to cart details page
  • Add users who you'd like to make administrators
  • Submit justification and request for Admin Access
  • Go to tasks page for approving the admin access request (As an 'Access Manager')

This should create new admins with their dedicated Keycloak credentials and Admin Module access.

Step 5: Share IDHub with Admins and Users

Milestone 1: Share IDHub Login and Password with All Administrators and Users
  • Get IDHub Login page URL
  • Get the user credentials from Keycloak (only userids should be fine)
  • Share the information with all the admins and users of your organization

Congratulations! Every Admin and User will now be able to use IDHub.


Once the setup is completed, each user base can get started. To know more about those, go to the respective "Getting Started" sections - Getting Started as a System Administrator and Getting Started as an End-User.



User Roles

The following roles are found in a typical IDHub Environment:

System Administrator Role (An Admin Role)

Users with this Role receive access to the IDHub Admin Module.

Administrator Role privileges are listed below:


System Admin Permissions:
  • Explore the Admin Dashboard
  • Explore & Manage Catalog items
  • Create new Application
  • Create New Roles
  • Review Requests
  • Reconcile access data for your application
  • Create custom workflows for Applications, Role and Service Requests
  • Create custom forms for application, roles or service requests
  • Create New Service Request
  • Manage out-of-the-box roles and service requests
  • Manage email notifications
  • Create and manage certifications processes
  • Setup administrative configurations, emails and other settings
  • Login to Keycloak and manage User Federations




Access Manager

Users who need approval rights, without being an Admin, can be assigned this Role.

Access Manager Role privileges are listed below:


Access Manager Permissions:
  • Approve New Application requests
  • Approve Modification requests for Application
  • Approve New Role requests
  • Approve Modification requests for Role
  • Approve New Service Request requests
  • Approve Modification requests for Service Request
  • Approve New Certification definition requests
  • Approve Modification requests for certification definitions







End-User

Users who do not require approval rights can be assigned this Role.

End-User Role privileges are listed below:


End-User Permissions:
  • Login & Home Page
  • View your Profile in IDHub
  • Search Catalog
  • Access Request
  • Approve/ Reject Tasks
  • Certify Users
  • Save & Share List
  • Manage Proxies
  • Revoke Accesses




If you completed the above points, you are done with the setup of IDHub for your organisation. Next is configuring IDHub and its workflows based on your specific needs. For that, see the system administrator functions below.

For administrators other than the primary administrator

To configure IDHub, on-board users, and get them set up in IDHub:

Add a new application
Add a new role

IDHub Role creation is done through the "Create Role" wizard in the Manage Catalog Page of Admin Console. It requires completion of a set of forms for: 

  • Basic Role details - Provide basic information for new role definition.
  • Role Conditions - Develop a query and associate with the role for role assignment under specific conditions.
  • Role Mapping - Map the role to various applications and entitlements. These are provisioned to the user once the role is approved and role conditions are met.

Add Basic Role Details

Enter information for the following fields:

  • Role Name* - Provide a brief descriptive role name. The field takes alphanumeric text with no special characters allowed (max 50 characters).
  • Search keywords - Provide a brief keyword that will help to search and filter for the role in the catalog. You can add multiple items separated by commas.
  • Description* - Describe the role. This field takes alphanumeric text with special characters (max 255 characters).
  • Role owner* - Provide a role owner name. On name entry, IDHub auto assists with suggested existing user names and does not allow names other than what is in IDHub.
  • IDM* - This will list a drop-down with all IDM systems that the current instance of IDHub is connected to. Currently, "IDHub" is the only instance option.
  • Approval Workflow* - The approval workflow for the role needs to be selected. This is the workflow when the role is requested from the IDHub catalog.
  • Risk Level* - The risk level of the role needs to be identified. A value between 1 (low) and 3 (high) is selected.
  • Select Requestable if this role can be requested from the catalog; otherwise it is displayed only in Manage Catalog for admins and not in Search Catalog for end users.

Add Role Condition(s)

What is the Role condition?

A role condition assists with determining various scenarios in the system about when a specific role needs to be assigned to a user. When a Role is created, a condition can be associated with that role using the role condition query. Multiple conditions can be combined using AND, OR to form the query.

Some examples of how role condition criteria can be defined and processed for an assignment are:

  • Birthright roles - When a new user is on-boarded into IDHub, they are associated with a specific category of user. This category associates the user with specific roles, for which a role condition can be processed that gives access to specific organizational resources.
  • Depending on user type or location of the user (us-east, us-west, us-central, Europe, Asia), only specific roles are available for request.
  • Associate segregation of duty violations: when a user changes department or currently has a specific role, the user is not allowed certain other Roles.

Any/all attributes associated with a user can be used to build a role condition. 

IDHub Role condition can be created using the following methods:

Basic Method

The basic method defines a condition as a combination of 3 things - User Attribute + operator + value. Multiple conditions can be strung together using the AND and OR functions.


User Attributes:

  • Organisation Name
  • Status
  • IDM
  • Department
  • User Type
  • Administrator
  • Home Address

Operator:

  • equals (=)
  • contains
  • greater than (>)
  • greater than or equals to (>=)
  • less than (<)
  • less than or equals to (<=)
  • not in
  • starts with

Value:

  • Values from the database

Examples:

1. If the conditions below are true, assign the role ABC-Employee to a newly on-boarded IDHub user. This gives the user basic access to all birthright assignments, replacing manual assignments.

Condition 1 - userType equals Employee

Function - AND

Condition 2 - Status equals ACTIVE

2. If the conditions below are true, assign the role ABC-HQ to the recently relocated or newly on-boarded user at this location. This gives the user access to all doors in ABC HQ.

Condition 1 - Location equals "US-New York"

Function - AND

Condition 2 - userType equals "Employee" OR userType equals "Contractor"

Advanced Method:

When the user clicks on Advanced, data entered in basic is converted into a query form that the user can edit as needed.
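
The two examples above, written as an added sketch (not IDHub's own code or query syntax), with a check for what changes if example 2 loses its grouping when the query is edited in Advanced mode. The operator semantics, the tree representation and the four user records are constructed assumptions; how IDHub itself evaluates an ungrouped query is not stated here.

```python
# Added example (not IDHub code): basic-method role conditions as data.
import operator

# Operator names come from the list above; their semantics here are assumed.
OPERATORS = {
    "equals": operator.eq,
    "contains": lambda have, want: want in have,
    "greater than": operator.gt,
    "greater than or equals to": operator.ge,
    "less than": operator.lt,
    "less than or equals to": operator.le,
    "not in": lambda have, want: have not in want,
    "starts with": lambda have, want: str(have).startswith(want),
}


def cond(attribute, op, value):
    """One basic condition: user attribute + operator + value."""
    if op not in OPERATORS:
        raise ValueError(f"unknown operator: {op}")
    return ("cond", attribute, op, value)


def all_of(*parts):
    return ("and", parts)


def any_of(*parts):
    return ("or", parts)


def matches(expr, user):
    """Evaluate a condition tree against one user's attributes."""
    if expr[0] == "cond":
        _, attribute, op, value = expr
        if attribute not in user:
            return False  # a missing attribute never grants a role
        return bool(OPERATORS[op](user[attribute], value))
    kind, parts = expr
    results = [matches(part, user) for part in parts]
    return all(results) if kind == "and" else any(results)


def over_granted(intended, actual, users):
    """Logins that `actual` assigns the role to but `intended` does not."""
    return sorted(login for login, user in users.items()
                  if matches(actual, user) and not matches(intended, user))


is_employee = cond("userType", "equals", "Employee")
is_contractor = cond("userType", "equals", "Contractor")
in_new_york = cond("Location", "equals", "US-New York")

# Example 1: ABC-Employee
ABC_EMPLOYEE = all_of(is_employee, cond("Status", "equals", "ACTIVE"))
# Example 2 as written: Condition 1 AND (Condition 2, which contains the OR)
ABC_HQ_INTENDED = all_of(in_new_york, any_of(is_employee, is_contractor))
# Same three terms without grouping, read with AND binding tighter than OR
ABC_HQ_UNGROUPED = any_of(all_of(in_new_york, is_employee), is_contractor)

# Constructed sample users
USERS = {
    "alice": {"userType": "Employee", "Status": "ACTIVE", "Location": "US-New York"},
    "bob": {"userType": "Contractor", "Status": "ACTIVE", "Location": "US-Chicago"},
    "carol": {"userType": "Employee", "Status": "INACTIVE", "Location": "US-Chicago"},
    "dave": {"userType": "Contractor", "Status": "ACTIVE", "Location": "US-New York"},
}

if __name__ == "__main__":
    for login, user in USERS.items():
        print(login, matches(ABC_EMPLOYEE, user), matches(ABC_HQ_INTENDED, user))
    print("extra ABC-HQ grants if ungrouped:",
          over_granted(ABC_HQ_INTENDED, ABC_HQ_UNGROUPED, USERS))
```

Under these assumptions the ungrouped form grants ABC-HQ to every contractor regardless of location, so compare both forms against an export of your users before submitting an edited query.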

Role Mapping to Applications and Entitlements:

This wizard form allows role to application-entitlements mapping. Application and entitlements can be selected via a search and added to a list of resources mapped to the role while in creation. The resources can also be removed from the list as required.

Wizard Navigation 

The role creation can be paused at any time and saved as a draft for review and completion at a later time. The wizard also provides ease of navigation, with options to move 'Previous' or 'Next' at any time.

The role creation can be submitted with justification for approval. Once submitted, a success message for the submitted role is displayed and the user is navigated back to the Manage Catalog page. 


Add a new user

Overview

There are 2 ways to on-board users:

  • Via Reconciliation based registration
  • Via Direct Registration through Keycloak Registration Form

How can I on-board my employees into IDHub using Keycloak Registration Form?

Keycloak provides a form unique to every customer of IDHub.

Setting up Keycloak

To procure and use this form, you need to do the following:

  • Go to Keycloak Administration section - This can be done via Admin Settings page for Administrators
  • Go to Authentication Tab from Left Menu
  • Click on Bindings Tab
  • Click on 'Direct Registration'

Contact the IDHub Administrator to procure the form link for yourself.

User Registration

Send the form to the new user who needs on-boarding into IDHub:

  • The new user opens the Registration Form
  • Enters the mandatory credentials in the form
  • Saves the form and is redirected to the Login page of IDHub
  • Upon entering valid credentials, the user can get into IDHub and perform all the actions of an end user

How can I on-board users using Reconciliation?

Prerequisites

Performing Reconciliation

  • Go to Manage Catalog page
  • Click on Ellipsis (3 dots) on the application which was On-boarded and is a Trusted (Reconciliation) Application
  • Click on Reconciliation
  • You will be navigated to the Reconciliation Page
  • Download the sample file provided specific to this application
  • Enter Application information with new users
  • Upload the file and see validations for newly added information that will be made by IDHub
  • Validate and complete reconciliation

Procuring Default Passwords for login via Reconciliation

  • Contact Support team for procuring default passwords for newly added users

Login with New Users

  • After successful On-boarding, new users will be able to perform all functions of an end user


Add a new service request

What are Service Requests?

Service Requests are used for managing IT and Operational related services, and assist organizations by helping to facilitate tangible and intangible services, used within the business, which can be requested by any user within IDHub.

Service Requests empower organizations by standardizing IT and operational processes and commonly requested services, as well as provide detailed tracking related to those requests.

IDHub Service Requests are broken down into the following categories:

  • Complaints
  • In-House Requests
  • Maintenance
  • Travel & Accommodations
  • User Modifications
  • Device Request
  • Office Equipment
  • Safety Equipment
  • Telecom Equipment
  • Other Requests

Below are some commonly used Service Requests:

  • Document Creation
  • Printing
  • Simple Graphics
  • Promotional Materials
  • Policy Document Update
  • Time-Sheet Update
  • Create a User
  • Modify a User
  • Terminate a User
  • Lock Account
  • Password Resets

Who can create Service Requests?

System Administrators and Access Managers have permissions to create any type of Service Request needed within their organization. However, IDHub can be configured to provide these permissions to any Role, as needed.

IDHub offers a few out-of-the-box Service Requests, related to the User Life-cycle, which can be modified if needed:

  • Create New User
  • Disable/Enable User
  • Modify User
  • Remove User
  • Reset Password

How can I create a Service Request?

Adding a new Service Request is a breeze with IDHub. Simply log in with admin credentials, navigate to the “Service Request” page, and click on “Create Request”.

After clicking on "Create Request", the Service Request creation wizard will open, allowing you to enter the required information:

  • Service Request Type
  • Request Name
  • Description
  • Approval Workflow

Approval Workflows

Approval Workflows have their own dedicated wizard, used to create any Custom Approval Workflow imaginable. When configuring an Approval Workflow, you can choose what category(s) the workflow will be used for. Service Requests are a category.

If the Approval Workflow needed for the new Service Request is not shown as an option, you will need to go into the workflow you choose, and add "Service Request" to the category drop-down. This will allow that specific Approval Workflow, to be a choice when creating a new Service Request.

Custom Forms

Custom Forms can be attached to Service Requests, requiring the user who is requesting, to complete the form as part of the request process.

If you choose to use a Custom Form, you can either create a new form, or select a pre-existing form.

Custom Forms are not required.

Who approves the newly created Service Request?

Only Access Managers have the permissions to approve newly created Service Requests, before they become available for users to request.

Once the new Service Request has been submitted, an Access Manager will receive a task to approve the new Service Request.

Once approved, the Service Request will be available on the "Search Catalog" page, along with all other active requestable resources, for users to request. (As long as it was configured as "Requestable")

How can I track my request to create a new Service Request?

Tracking any request can be done from the "Requests" page, within any IDHub user account.

Simply click on the specific request, and easily view all details regarding the request process.

Note: In the below image, Jerome is an Access Manager, and he created this new Service Request, which is why he also "Claimed" and "Approved" the task to create the new Service Request, "Key Card Access".




Customize your email templates

Administrators can also manage the email templates that are present in IDHub.

How can I set up my own SMTP email?

You can add your own details for SMTP setup from the 'Admin Settings' tab.

Go to the 'Email Configuration' sub-tab from the list.

Click on Edit to customise your information.

How can I manage existing templates?

To manage templates, click on 'Email Templates' in the left panel.

You can create your own template by clicking on the 'Create New' button.

You can add custom attributes and edit templates as per your organisation's needs, with custom logos and texts.

You can also use 'Code View' for an existing email template and re-use it as needed.

Click on 'Activate' to create and use the template.

How can I view the mails sent for each template type?

IDHub also provides an option to review sent mails for each template.

Click on View for any existing template from the list view.

There are 2 tabs when viewing an email template:

Details Tab

Here, the details of the template and a preview of how it will be sent are shown.

Logs Tab

In the Logs tab, you can search the mails sent by user, email, date or status. The complete list is provided for admins to get a preview in case more information is needed.


Create a custom workflow

Purpose of the Document

In this document, we discuss how to create a new custom workflow.

How to create a New Custom Workflow

For this, go to the workflows section (you need the System Administrator role in order to access this section). By default, the system shows the out-of-the-box workflows that are already present in IDHub under the Workflow tab.

As shown in the screenshot below, on the right-hand side of the page, there is a “Create Workflow” button.

When you click on that button, a separate page opens, which is the custom workflow editor.

Workflow Editor

After you click on the Create Workflow button, IDHub shows you the Workflow editor section, as shown in the screenshot below:

The different sections of this page are described below:

Name of the Custom workflow

At the top left of the editor there is a small pencil icon. If you click on that icon, the system shows the following in a right-hand side panel (shown in the screenshot below).

In the right-hand side panel, enter the following details about the custom workflow that you are going to create:
- Workflow name* (mandatory)
- Description
- Keywords
- Category (drop-down) (mandatory)
When you click on the category, the system shows the following options:

You can select one or more categories from the options provided.

- Request states
- Select custom form (if any custom form is associated with the workflow, you can select it from the drop-down)


Nodes section
Then we have the nodes section, as shown in the screenshot below:

User

If you are a user (an employee of an organisation) who wishes to request access to applications and permissions, follow our User Guide for a comprehensive understanding of IDHub.

User tutorial

Who is an end-user?

An end-user is any person in the organization who uses IDHub to request applications and manage their own access.

How can I get an end-user access?

If you are on-boarded into IDHub as a user, you will get an end-user access by default.

No role is tied to this functionality.

What will the tutorial include? 

This tutorial will help you set up your IDHub tool and get acquainted with the various features of the IDHub User Tool. We can also help you get up to speed on the activities you can accomplish using this tool.

By the end of this tutorial, you will be able to: 

  • Login & Home Page
  • View your Profile in IDHub
  • Search Catalog
  • Access Request
  • Approve/ Reject Tasks
  • Certify Users
  • Save & Share List
  • Manage Proxies
  • Revoke Accesses
Let's go!
