Chat now with support
Chat with Support

Cloud Access Manager 8.1.1 - Configuration Guide

Configuring a front-end authentication method Adding a web application Configuring step-up authentication Managing your SSL certificate Changing the Cloud Access Manager service account password Reporting Customizing Dell™ One Identity Cloud Access Manager

OpenID Connect/OAuth 2.0

For information on how to use Dell™ One Identity Cloud Access Manager as an OAuth v2.0 or OpenID Authorization Server, please refer to the document entitled Dell™ One Identity Cloud Access Manager How To Develop OpenID Connect Apps.

Manual user provisioning

If the application you are configuring does not provide a user provisioning API, you can use Dell™ One Identity Cloud Access Manager as an intermediary between the user and the manual process of creating a user account for the application.
Manual user provisioning enables users to request a user account for an application from their application catalog. Cloud Access Manager then sends an email to the owner of the application advising them that the user requires an account.
The application owner manually creates the user account within the target application. When the user account has been created, the application owner returns to the email received from Cloud Access Manager and clicks the confirmation link contained in the email to confirm that they have created the user account.
Alternatively, a Cloud Access Manager administrator can view any outstanding manual provisioning requests. To do this, go to Cloud Access Manager Application Portal | Users |Manual Provisioning Requests and confirm that the requests have been dealt with.
When the user account request is confirmed as complete, the application is displayed on the user’s application portal home page within Cloud Access Manager.
* 
NOTE: You must have SMTP settings configured within Cloud Access Manager to enable manual user provisioning.

HTTP basic authentication

To configure HTTP Basic Authentication
1
Log in to the Administration Console using the desktop shortcut Cloud Access Manager Application Portal and select Add New from the Applications section on the home page.
Dell™ One Identity Cloud Access Manager provides a set of application templates to automatically configure common applications. This example describes how to configure an application manually, rather than using a template.
2
Click Configure Manually.
3
Select HTTP Basic Authentication and click Next.
* 
NOTE: Additional user attributes can be sent in HTTP headers. In this example we want to send the username and password only.
4
Enter the protocol and Fully Qualified Domain Name (FQDN) used by the application you wish to Single Sign-On (SSO). Click Next.
* 
NOTE: The protocol and FQDN can be obtained from the URL used to access the application. For example, if the application is normally accessed using https://ars.democorp.local/ARServerAdmin, the protocol would be Secure HTTP (HTTPS) and the FQDN would be ars.democorp.local
5
In this step, Cloud Access Manager needs to know how to proxy the application. Typically this involves configuring Cloud Access Manager to proxy the entire web server used by the application using a new fully qualified domain name (FQDN). This is the preferred method and the method compatible with the most applications. To configure Cloud Access Manager in this way, simply enter a new public FQDN into the field provided on the Proxy URL page, and click Next.
The new FQDN should be within the wildcard DNS subdomain created during the installation, which will resolve to the public IP address used by the proxy. For example, if you created the wildcard Domain Name Service (DNS) subdomain *.webapps.democorp.com during the installation you could use the FQDN owa.webapps.democorp.com to proxy Microsoft® Outlook® Web App. If you did not create a wildcard DNS subdomain for Cloud Access Manager during the installation you will need to manually add this new FQDN into your public DNS. The new FQDN should be covered by the wildcard SSL certificate you are using.
Alternatively, some applications are installed entirely within their own virtual directory on the web server where they reside. One example of such an application is Dell™ One Identity Active Roles, formerly known as Quest One™ ActiveRoles Server™, which installs into the virtual directory /ARServerAdmin. In this case you may be able to configure Cloud Access Manager to proxy the application's virtual directory only, rather than the whole web server, and reuse the FQDN of the proxy. To configure this option, select the proxy's FQDN from the list, then enter the virtual directory where the application is installed into the field below and click Next.
* 
NOTE: Take care to ensure that the path entered is unaltered, even down to subtle changes such as character case, in the example Active Roles Server the path must be ARServerAdmin.
6
You will now see the Permissions page, which enables you to control the users who can access the application. By default all Cloud Access Manager users have access to the application. You can restrict access to the application to users who belong to a specific role, but for this example, simply click Next to allow all users to access the application.
7
Enter a name for the application.
8
If the application requires users to log in using their primary credentials, for example their domain account, select Use primary credentials to log into this application and click Next. If the application requires users to use a different username or password, leave the option clear and click Next.
9
You can now configure how the application is displayed on the Cloud Access Manager Portal. Enter the Title and Description you want to display on the Cloud Access Manager Portal. Many applications will require you to configure a particular entry point, for example for Active Roles Server you would need to add ARServerAdmin in the URL field of the Application Portal page.
* 
NOTE: Take care to ensure that the URL entered is unaltered, even down to subtle changes such as character case, in the example Active Roles Server the URL must be ARServerAdmin. The Add application to application portal home and Allow user to remove application from application portal options allow you to specify whether the application should appear automatically on each user’s portal page, and how the user can manage the application from the application portal. The options are shown in Table 7.
Table 7. Application portal options
Add application to application portal home
Allow user to remove application from application portal home
Functionality
application is added to the portal and it cannot be removed by the user through the application catalog.
application is added to the portal and it can be removed by the user through the application catalog.
application is not automatically added to the portal. The user can add or remove the application to/from the portal through the application catalog.
To access the application catalog from the application portal, the user simply needs to click their username, then select Application Catalog. Depending on the settings in the Add application to application portal home and Allow user to remove application from application portal home options, the user can add or remove applications to/from the application portal.
10
Configuration of the application is now complete. Click Finish.

Further considerations

When you have added an application to Dell™ One Identity Cloud Access Manager, you may want to ensure users only access the application using Cloud Access Manager. This may be required if you use Cloud Access Manager to enforce strong authentication for the application, or want to use Cloud Access Manager’s auditing features to monitor application usage. For further information on how to ensure that users access the application using Cloud Access Manager, please refer to Preventing direct access to applications protected by Cloud Access Manager in the Dell™ One Identity Cloud Access Manager Security and Best Practice Guide.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating