Skip to main content

Manage App Overview

Application Management

One of the primary functions of a System Administrator is to manage Applications.

What is an Application?

Application is a target system that an enterprise is using and wishes to manage permissions and account of.

IDHub can integrate with thousands of applications to manage provisioning and de-provisioning of all enterprise users. For a connected application (for which an active integration is present), IDHub monitors and maintain the connection to manage accounts and their permissions for the application.

IDHub provides an option for system administrators to:

  • Connect applications to IDHub for seamless request accounts and permissions with the application from IDHub platform
  • Add disconnected applications within IDHub along with list of entitlements for each application that can be manually fulfilled by an IT Team
  • Onboard all the applications (Both connected and disconnected) via a single file upload

After the application is customised to the organisation's needs, end users can:

  • Request the application through a centralised catalog repository with a shopping cart experience

System administrators can use our custom connectors to connect to other applications and pull data into IDHub directly. To know more about the connectors, see the Connectors page

IDHub provides integrations for:

  • On cloud apps for provisioning and deprovisioning
  • On premise web-based applications
  • On premise support for applications that exposes APIs publicly for provisioning

Connected Applications

The system administrator can connect to any applications for which connectors are made or APIs are exposed. The connection can be established either by:

  • Single application onboard (via wizard) OR
  • Bulk application onboard (via file upload)

In both the cases, administrator needs to make sure that the connection is established with a pre-existing connector in IDHub or a custom connector is built by support team.

IDHub asks for credentials for the application to establish the link. IDHub stores the credentials and uses it to validate the connection.

Once key is validated, all the attribute information and entitlement information is pulled into IDHub and managed.

While configuring the application, you can setup the application so that:

  • Attribute specific synchronisation is happened between IDHub and the application
  • Entitlement specific synchronisation is present
  • Customise user response form which is specific to the application that the end-user fills every time they request for the application
  • Customise workflow that can have it's own level of approvals with customised forms attached at each level as desired
Benefits:
  • Automated fulfilment and creation/revocation of accounts
  • Automation fulfilment of user attributes with applications (If the application is a trusted application - From where user information is coming)
  • Automated fulfilment of account's entitlements (permissions) with the application
  • Upstream synchronisation: Below options will be present for each application:
    • Do not update any information
    • Update account only
    • Update user attributes only
    • Update both account and user attributes
  • Downstream synchronisation:
    • Do not update any information
    • Update account only
    • Update user attributes only
    • Update both account and user attributes

This will help users in synchronising only desired attributes into user profile in IDHub and vice-versa.

Note: There are many organisations which have user information coming from multiple applications. It is important to configure attribute synchronisation keeping in mind that the attributes synchronisation do not overlap between those applications 

Sensitive applications

For sensitive applications, IDHub provides an option to not be requested by any end-user and the application can be provided via Role based access and certain conditions only.

Password Changes

If the administrator password gets changed, below steps will need to done to re-establish the connection with the connector:

  1. Go to Manage Catalog page
  2. Click on Edit icon for the application that has lost the connection
  3. Change the password in the Connection details section in the wizard
  4. Submit the application request again for approval by Access Manager group
  5. Once approved, the password will be changed and the connection will be restored

The Reveal Password feature is disabled while editing the application, as any administrator with access to managing the application can edit the application and will not have access to the password.

More about IDHub Provisioning

IDHub Application Life Cycle has many functionalities within itself. It includes:

  • Importing application information into IDHub
  • Setting up access-request flow for the application
  • Setting up custom forms required in the access-request flow
  • Setup roles associated with the application
  • Configure birth-right rules for set of applications present in a role
  • Provisioning to and from applications
  • De-provisioning to and from applications
  • Reconciliation of information from application to IDHub and vice-versa
  • Disable/ Enable an application for temporary access-restriction
  • Retiring of an application

The above functionalities follow the commonly used principle of CRUD - Create, Read, Update and Delete user accounts in an application

IDHub Triggers

During the employee life cycle in an organisation, there are various stages in which access related information needs to be updated. Some of them are:

  • Joining in the organisation
  • Promotions & Demotions
  • Employee position or role change
  • Application license expiration
  • Employee Termination
  • Employee Rehires etc.

During all the above life cycle changes, IDHub roles and certification process can be defined to trigger a automatic account update based on the event.

Manage Catalog

As a System Administrator, Manage Catalog is where you will find yourself most of the time within IDHub Admin Console.

On click of 'Manage Catalog' from Dashboard, you will land up here in the Manage Catalog page.

Below are the sections you can go into from the Manage Catalog page:

Left Panel

This global navigation bar on the left helps you navigate to different modules within IDHub.

Add Application

Add Application allows onboard of a single application or multiple applications using a wizard format. Choose one of the following from the drop-down options on click of Add Application:

Add Application

This is to request a single application & on-board it using a wizard.

Bulk Application Upload

You can request multiple or bulk application on-boarding using .csv file. Steps to perform this are:

  1. Download a sample.csv file template and review it's file header for required application attributes. 
  2. Modify sample file to provide application specific data. Each row within the .csv provides details for a single application. Total number of rows indicate total applications being on-boarded in batch.
  3. Save and upload file for processing.
  4. Validate and request approval of multiple applications with a single file submit !

Create Role

Create Role allows you to define a Role withing IDHub that defines access to all the applications and entitlements that role will provide to perform a job. As a system administrator you will be responsible for managing the -

  • Development of access policy to that Role that determines who gets access to the Role. 
  • Association of applications and entitlements that are required as part of that Role.
  • Certification of role memberships on a periodic basis to maintain adherence to organizational and regulatory standards

The Search bar comprises of a search box to enter search criteria and a filter tab that helps you filter the results. You can use the tab to view "All" the results or only "Applications" or only "Roles".

Search Results

Provide a list view of results generated of a search.

Application Card with Actions

Each  application in the result set is displayed in a separate tile and has the following items -

  • Application Logo
  • Application Name
  • Health Status
    • If Green - that means the application is completely synced and good to request
    • If Neutral - There might be a break in application information either due to form mismatch or workflow errors, no one will be able to request the application unless the error is fixed. To get the exact error, hover over the Health indicator alongside Application name
    • If Red - The connection may be broken and you would need to fix the connected application to resume access requests
  • Tags (If any)
  • Description (if any)

Admins can perform below functions:

  • View: An Admin can enter the view application section by clicking on the card
  • Edit: By pressing on the Edit icon, Admin can start editing the application. On Click, system opens the Application Wizard in Edit Mode and allows the system administrators to make changes to fields. On submission after edit, the Application again goes through an approval request workflow to the Access Manager group for approved changes to be reflected in the Catalog.
  • Other functions:
    • Export PDF: Exports the Application data in PDF format (This function is not available in current versions of IDHub)
    • Export JSON: Exports the Application data in JSON format.
    • Disable:  Disables the Application. This causes the application to be removed from the search catalog page and is no longer requestable. All identities with access to the application will have their access disabled.
    • Retire Application: Decommissions the application and revokes the application for all identities.
    • Target System Synchronizations: Synchronization is the process of updating of changes to user identity and entitlements data from IDHub to Target System using  user identity synchronization. This synchronization detects changes to user attributes and automatically copies over the updates from Target systems  to IDHub. (This feature will only be present for Connected applications) - (This function is not available in current versions of IDHub)
    • Reconciliation: This is a process of importing data from a disconnected system on a periodic basis as determined by you. The goal is to verify that  actual access of the user aligns with approved access. After an Application is on-boarded , reconciliation is enabled . You can upload flat files using sample templates for target systems under your management. This allows you to fetch user account profiles and their entitlements (permissions) from target systems and publish them in IDHub.

Role Card with Actions

Each  role in the result set is displayed in a separate tile and has the following items -

  • Role Logo
  • Role Name
  • Tags (If any)
  • Description (if any)

Admins can perform below functions:

  • View: An Admin can enter the view role section by clicking on the card
  • Edit: By pressing on the Edit icon, Admin can start editing the role. On Click, system opens the Role Wizard in Edit Mode and allows the system administrators to make changes to fields. On submission after edit, the Role again goes through an approval request workflow to the Access Manager group for approved changes to be reflected in the Catalog.
  • Other functions:
    • Export PDF: Exports the Role data in PDF format
    • Export JSON: Exports the Role data in JSON format.
    • Disable:  Disables the Role. This causes the role to be removed from the search catalog and is no longer requestable. All identities with access to the application will have their access disabled.
    • Retire Role: Decommissions the role and revokes the role and applications/ entitlements that got provided due to role assignment for all identities.

Need more help?

Folks at IDHub are ready to support you.

Ask the IDHub Team