Skip to main content

On-board Your Connected Application

Overview

For Onboarding Applications into IDHub, there are 2 ways:

  • Single Application Onboarding
  • Bulk Application Onboarding

Single Application On-boarding

An application can either be 

  • Connected to IDHub
  • Disconnected from IDHub

What is Connected Application?

Functions of connected application is that

  • New Accounts - An account can get automatically created once requested by any member of your organization via IDHub
  • Revoke Accounts - Auto-Revocation of account will happen seamlessly without any manual interactions with the system
  • Synchronizations - Auto-validation of user access's and timely synchronizations can happen with the connected system
  • Criteria based Synchronizations - A specific user sync can also be requested to avoid mass synchronizations from an application to IDHub

What is Disconnected Application?

Functions of disconnected application is that

  • New Accounts - Someone from your organization would need to manually copy paste the user information in your application and create an account for requester
  • Revoke Accounts - Someone from your organization would need to manually go an revoke user account from your application
  • Synchronizations - No synchronizations occur automatically for this application. Reconciliation can be availed to update IDHub information based on application data
  • Criteria based Synchronizations - No such feature will be present for disconnected application

How do I on-board my Connected Application for which a connection has been established?

For Onboarding an application, a connection needs to be established by your application and IDHub.

If you have established the connection, first step is Requesting for the application:

Requesting for an Application

  • Login to IDHub application with Administrator credentials
  • Go to Manage Catalog Page
  • Click on Application drop-down
  • Click on Add Single Application option
  •  You will be navigated to Application Onboarding section

Basic Details

  • Upload a Logo for the application (if any)
  • Add the Application Name (Make sure to add it correctly as this will be displayed across IDHub and is not editable again)
  • Enter Description
  • Enter Search Keywords (For easy identification at a later stage)
  • Add to Role - If you want to associate with an already added Role
  • Add to Collection - If you want to associate with an already added Collection

Application Owner

  • Business Owner - The one that has business ownership of this application
  • IT Owner - The one that would be solely responsible for the functioning of this application
  • IDM - Select which IDM Version you want to associate this application (As IDHub can associate itself with multiple IDMs at a single point of time, you can chose which application would you like to associate the application with)

Integration Details

  • Choose 'Connected' from Integration Level drop-down
  • Enter Connection URL which was identified while establishing the connection for the application (See Application.yml file for your chosen connected app
  • Choose the authentication type -
    • OAuth2 Authentication
  • Select Trusted Reconciliation as:
    • Yes - If you wish to Onboard users to IDHub from this Application via Reconciliation - To know more about it, go to the IDHub Guide
    • No - If you not wish to add users into IDHub from this Application via Reconciliation

Reconciliation Scheduler

  • Choose a scheduler time as per your need on which you wish to have periodic synchronizations between IDHub and your Application

Note: Every time a reconciliation scheduler runs, a log gets created in the Reconciliation log section of the application. Details can be viewed for the scheduled job in there

Approval Workflow

  • Choose a workflow as desired from the list of workflows that IDHub supports
  • Choose Tags for Certification (if needed to identify later)
  • Choose a Risk level - In case for identification later
  • Select Requestable - If you wish to make it request-able by others in your organization

Click on Next after adding all the above Information. 

  • If the authentication is validated you will be moved to Attribute page, else correct information will be required to be added

Attribute Page

Things to Note:

  • All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) upon click of "Fetch Attribute" button
  • You will have ability to edit attributes in this section
  • You would need to have at least 1 Reconciliation Key and 1 Unique Field in your attribute list to move forward
  • Complete all the required/ non required attribute information to proceed

Entitlements

  • All the fields may be synchronized from the application itself (if the connection is established as per recommended steps) upon click of "Fetch Entitlements" button
  • You will have ability to edit entitlements in this section
  • This page is not mandatory to fill for disconnected apps
  • For connected apps once entitlements are fetched, the required data will be auto-filled for your convenience. If you wish to alter anything, you can. 
  • You would need to submit justification to request for the application

Congratulations! The request for Onboarding an Application is completed at this stage.

Approving the Requested Application

For Approving the Onboarding of the application, you would need to:

  • Login with a user that has 'Access Manager' Role with them
  • Go to Tasks Page
  • Claim the added Application
  • Approve the added Application
  • Logout of IDHub and login with the requester
  • Navigate to Manage Catalog
  • You will be able to see the Added Application in there

Validation of Application On-boarding

  • Go to Search Catalog Page (If you had made the application Requestable)
  • Request for the On-boarded Application
  • Complete the Workflow that was chosen
    • If Auto-approval - Go to My Profile of the requested user and view the application
    • If Manager-Approval - Go to Manager to approve the request and complete workflow
    • If Group Approval - Go to Individual Group members to approve the request and complete workflow
  • Once Workflow is completed and validated in the Requests Page by the requester, the application can be seen in the My Profile Section too
  • Click on the Application in the My Profile Section and see Provisioned Status in the Right Hand Side Panel
  • Go to your Application and check that the user account was created with the desired account name

Congratulations! You have successfully established a Connected System into IDHub