Connected Vs Disconnected
An application in IDHub can be created via multiple ways. This document lists the ways in which a user can create a new application in IDHub.
Before getting into that let’s understand what types of application there are:
Types of Application
Based on Connection Type
Connected
Disconnected
Let us go into each way in detail
Connected Application
An application is designated as 'Connected' if connection is established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa.
In the above case, below things are done
- Automated Provisioning - Here upon approval of an access request, there is no manual fulfillment by an IT personnel to provide access to the user to the Target system. IDHub creates an account for the user and associates any entitlement (permission in the Target system) present in the request
- Automated De-provisioning - Here upon request of removal of account of a user, no manual fulfillment is needed and that is handled by IDHub APIs
- Reconciliation - Data Synchronization of user accounts and entitlements are also done by IDHub APIs and sync information from Target System to IDHub
- Fetch account attributes and Entitlement - To ease of onboarding of the application, pre-defined attributes and desired entitlements and its metadata is fetched from the Target System for quick and seamless connection to IDHub
- Additional Configurations - IDHub provides additional features that uses IDHub or external APIs to perform various functions across both applications.
Disconnected Application
An application is designated as 'Disconnected ' if there is no connection established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa.
In the above case, below things are done
- Manual Provisioning - Here upon approval of an access request, there is another stage of ticket completion named ‘Fulfillment’ which sends a task to a designated group to perform the account creation or entitlement assignment manually in the Target System and close the task manually in IDHub to update data in IDHub
- Manual De-provisioning - Here upon request of removal of account of a user, ticket to remove account manually is created similar to create account or entitlement association mentioned above.
- File Based Reconciliation - For timely data synchronization from the Target System to IDHub, a file upload is made in IDHub format to get correct user account information and entitlements for every account
- Manual creation of account attributes and Entitlement - For a disconnected applications, the account attribute required to create an account in the Target System and its set of entitlements that will be needed for provisioning/ requesting is manually added in IDHub via Application Creation Wizard or via Bulk Upload file