Skip to main content

On-board Application

An application in IDHub can be a Connected Application or Disconnected Application.

What is Connected Application?

  • New Accounts: An account can get automatically created once requested by any member of your organization via IDHub.
  • Revoke Accounts: Auto-Revocation of account will happen seamlessly without any manual interactions with the system.
  • Synchronizations: Auto-validation of user access's and timely synchronizations can happen with the connected system.
  • Criteria based Synchronizations: A specific user sync can also be requested to avoid mass synchronizations from an application to IDHub.

What is Disconnected Application?

  • New Accounts: Someone from your organization would need to manually copy paste the user information in your application and create an account for requester.
  • Revoke Accounts: Someone from your organization would need to manually go an revoke user account from your application.
  • Synchronizations: No synchronizations occur automatically for this application. Reconciliation can be availed to update IDHub information based on application data.
  • Criteria based Synchronizations: No such feature will be present for disconnected application.

How Do I On-board My Connected Application?

For Onboarding an application, a connection needs to be established by your application and IDHub. Please follow the steps below to On-board your connected application.

Requesting For An Application

  • Login to IDHub application with Administrator credentials.
  • Go to Manage Catalog Page.
  • Click on Application drop-down.
  • Click on Add Single Application option.
  • You will be navigated to Application Onboarding section.

Basic Details

  • Upload a Logo for the application (if any).
  • Add the Application Name (Make sure to add it correctly as this will be displayed across IDHub and is not editable again).
  • Enter Description.
  • Enter Search Keywords (For easy identification at a later stage).
  • Enter Application URL.

Application Owner

  • Business Owner: The one that has business ownership of this application.
  • IT Owner: The one that would be solely responsible for the functioning of this application.
  • IDM: Select which IDM Version you want to associate this application (As IDHub can associate itself with multiple IDMs at a single point of time, you can chose which application would you like to associate the application with).

Integration Details

  • Choose 'Connected' from Integration Level drop-down.
  • Enter Connection URL which was identified while establishing the connection for the application (See Application.yml file for your chosen connected app).
  • Choose the authentication type
    • OAuth2 Authentication
  • Select Trusted Reconciliation as:
    • Yes: If you wish to On-board users to IDHub from this Application via Reconciliation.
    • No: If you do not wish to add users into IDHub from this Application via Reconciliation.

Reconciliation Scheduler

Choose a scheduler time as per your need on which you wish to have periodic synchronizations between IDHub and your Application.

note

Every time a reconciliation scheduler runs, a log gets created in the Reconciliation log section of the application. Details can be viewed for the scheduled job in there.

Approval Workflow

  • Choose a workflow as desired from the list of workflows that IDHub supports.
  • Choose Tags for Certification (if needed to identify later).
  • Choose a Risk level: In case for identification later.
  • Select Requestable: If you wish to make it request-able by others in your organization.
  • Click on Next after adding all the above Information.
  • If the authentication is validated, you will be moved to Attribute page, else correct information will be required to be added.

Attribute Page

  • All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) upon click of "Fetch Attribute" button.
  • You will have ability to edit attributes in this section.
  • You would need to have at least 1 Reconciliation Key and 1 Unique Field in your attribute list to move forward.
  • Complete all the required/ non required attribute information to proceed.

Entitlements

  • All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) upon click of "Fetch Entitlements" button.
  • You will have ability to edit entitlements in this section.
  • This page is not mandatory to fill for disconnected apps.
  • For connected apps once entitlements are fetched, the required data will be auto-filled for your convenience. If you wish to alter anything, you can do the same.
  • You would need to submit justification to request for the application.
info

Congratulations. The request for Onboarding an Application is completed at this stage.

Approving the Requested Application

  • Login with a user that has 'Access Manager' Role with them.
  • Go to Tasks Page.
  • Claim the added Application.
  • Approve the added Application.
  • Logout of IDHub and login with the requester.
  • Navigate to Manage Catalog .
  • You will be able to see the Added Application in there.

Validation of Application On-boarding

  • Go to Search Catalog Page (If you had made the application Requestable).
  • Request for the On-boarded Application.
  • Complete the Workflow that was chosen
    • If Auto-approval: Go to My Profile of the requested user and view the application.
    • If Manager-Approval: Go to Manager to approve the request and complete workflow.
    • If Group Approval: Go to Individual Group members to approve the request and complete workflow.
  • Once the Workflow is completed and validated in the Requests Page by the requester, the application can be seen in the My Profile Section too.
  • Click on the Application in the My Profile Section and see Provisioned Status in the Right-Hand Side Panel.
  • Go to your Application and check that the user account was created with the desired account name.
info

Congratulations. You have successfully established a Connected System into IDHub.