On-board Application
An application in IDHub can be either a Connected Application or a Disconnected Application.
What is a Connected Application?
- New Accounts: An account is created automatically once any member of your organization requests it via IDHub.
- Revoke Accounts: Accounts are revoked automatically, without any manual interaction with the system.
- Synchronizations: User access is validated automatically, and timely synchronizations can happen with the connected system.
- Criteria based Synchronizations: A sync for a specific user can also be requested, to avoid mass synchronizations from an application to IDHub.
What is a Disconnected Application?
- New Accounts: Someone from your organization would need to manually copy and paste the user information into your application and create an account for the requester.
- Revoke Accounts: Someone from your organization would need to manually go and revoke the user account in your application.
- Synchronizations: No synchronizations occur automatically for this application. Reconciliation can be used to update IDHub information based on application data.
- Criteria based Synchronizations: This feature is not available for a disconnected application.
How Do I On-board My Connected Application?
To on-board an application, a connection needs to be established between your application and IDHub. Please follow the steps below to on-board your connected application.
Requesting For An Application
- Log in to the IDHub application with Administrator credentials.
- Go to Manage Catalog Page.
- Click on Application drop-down.
- Click on Add Single Application option.
- You will be navigated to Application Onboarding section.
Basic Details
- Upload a Logo for the application (if any).
- Add the Application Name (Make sure to add it correctly, as it will be displayed across IDHub and cannot be edited later).
- Enter Description.
- Enter Search Keywords (For easy identification at a later stage).
- Enter Application URL.
Application Owner
- Business Owner: The one that has business ownership of this application.
- IT Owner: The one that would be solely responsible for the functioning of this application.
- IDM: Select which IDM Version you want to associate this application with (As IDHub can associate itself with multiple IDMs at a single point of time, you can choose which IDM to associate the application with).
Integration Details
- Choose 'Connected' from Integration Level drop-down.
- Enter Connection URL which was identified while establishing the connection for the application (See Application.yml file for your chosen connected app).
- Choose the authentication type:
  - OAuth2 Authentication
- Select Trusted Reconciliation as:
  - Yes: If you wish to On-board users to IDHub from this Application via Reconciliation.
  - No: If you do not wish to add users into IDHub from this Application via Reconciliation.
Reconciliation Scheduler
Choose a scheduler time, as per your need, at which periodic synchronizations between IDHub and your Application should run.
Note: Every time a reconciliation scheduler runs, a log is created in the Reconciliation log section of the application. Details of the scheduled job can be viewed there.
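To make the Trusted Reconciliation choice concrete, the following is an added illustration and not IDHub code: it matches a constructed application export against constructed identity records on a reconciliation key and classifies each account. The function name, field names and the "flag for review" handling of unmatched accounts when Trusted Reconciliation is No are assumptions made for the example.

```python
import csv
import io

# Constructed sample: account export from the target application.
APP_EXPORT = """login,email,status
jdoe,jdoe@example.com,active
asmith,asmith@example.com,active
svc-backup,backup@example.com,active
"""

# Constructed sample: identity-side records, keyed by lowercase reconciliation key.
IDM_ACCOUNTS = {
    "jdoe": {"email": "jdoe@example.com", "status": "active"},
    "asmith": {"email": "a.smith@example.com", "status": "active"},
    "bwayne": {"email": "bwayne@example.com", "status": "active"},
}


def reconcile(app_csv, idm_accounts, recon_key="login", trusted=False):
    """Compare application data with identity data (hypothetical model)."""
    result = {"in_sync": [], "update": {}, "onboard": [], "review": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(app_csv)):
        key = (row.pop(recon_key) or "").strip().lower()
        if not key or key in seen:
            # An empty or duplicate key cannot be matched to one identity.
            result["review"].append(key or "<empty>")
            continue
        seen.add(key)
        known = idm_accounts.get(key)
        if known is None:
            # Account exists only in the application: on-board it when the
            # source is trusted, otherwise surface it as a possible orphan.
            (result["onboard"] if trusted else result["review"]).append(key)
            continue
        # Record (identity value, application value) for each differing field.
        drift = {f: (known.get(f), v) for f, v in row.items() if known.get(f) != v}
        if drift:
            result["update"][key] = drift
        else:
            result["in_sync"].append(key)
    # Identity-side accounts that the application no longer reports.
    result["missing_in_app"] = sorted(set(idm_accounts) - seen)
    return result
```

The `review` and `missing_in_app` buckets are the ones worth checking after each scheduled run: the first holds accounts that exist in the application without a matching identity, the second holds access that the identity side still records but the application does not report.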
Approval Workflow
- Choose a workflow as desired from the list of workflows that IDHub supports.
- Choose Tags for Certification (if needed to identify later).
- Choose a Risk level (for identification later).
- Select Requestable if you wish to make the application requestable by others in your organization.
- Click on Next after adding all the above information.
- If the authentication is validated, you will be moved to the Attribute page; otherwise, you will need to enter the correct information.
Attribute Page
- All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) by clicking the "Fetch Attribute" button.
- You will have the ability to edit attributes in this section.
- You need at least 1 Reconciliation Key and 1 Unique Field in your attribute list to move forward.
- Complete all the required and non-required attribute information to proceed.
Entitlements
- All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) by clicking the "Fetch Entitlements" button.
- You will have the ability to edit entitlements in this section.
- This page is not mandatory to fill for disconnected apps.
- For connected apps, once entitlements are fetched, the required data will be auto-filled for your convenience. You can alter any of it if you wish.
- You need to submit a justification to request the application.
Congratulations. The request for Onboarding an Application is completed at this stage.
Approving the Requested Application
- Log in as a user who has the 'Access Manager' Role.
- Go to Tasks Page.
- Claim the added Application.
- Approve the added Application.
- Log out of IDHub and log in as the requester.
- Navigate to Manage Catalog.
- You will be able to see the added Application there.
Validation of Application On-boarding
- Go to Search Catalog Page (If you had made the application Requestable).
- Request for the On-boarded Application.
- Complete the Workflow that was chosen:
  - If Auto-approval: Go to My Profile of the requested user and view the application.
  - If Manager-Approval: Go to Manager to approve the request and complete workflow.
  - If Group Approval: Go to Individual Group members to approve the request and complete workflow.
- Once the Workflow is completed and validated in the Requests Page by the requester, the application can be seen in the My Profile Section too.
- Click on the Application in the My Profile Section and see Provisioned Status in the Right-Hand Side Panel.
- Go to your Application and check that the user account was created with the desired account name.
Congratulations. You have successfully established a Connected System into IDHub.