
Identity Manager 9.2.1 - Application Governance User Guide

Displaying identities with application access to application entitlements

For each application, you can display those identities that have access to the application entitlements of an application. In this way, you can ensure that no one has unauthorized access to applications or the associated application entitlements.

To display identities with application access to application entitlements

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application you want to validate.

  3. On the application's overview page, click the Identities With Access tab.

  4. (Optional) To view which application entitlements an identity has access to, click Details in the corresponding tile.

Creating applications

The first step in the onboarding process for an application involves creating a new application. After that, you can assign application entitlements (see Assigning entitlements to applications and IT Shop) and publish them in the Web Portal (see Publishing applications and Publishing application entitlements).

To create a new application

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click (Create).

  3. On the Create Application page, enter the following information about the new application:

    • Application: Enter the name of the application.

    • Description: Enter a description for the application. For example, where and for what the application will be used.

    • Service Category: (Optional) Click Assign and then the service category that you want to assign to the application.
      To create a new service category with the same name as the application, leave this field empty.
      Under this category, users can find all associated products available to be requested in the Web Portal, for example.

    • Manager: (Optional) Select a manager for the application. This manager is responsible for the application and can manage the application.

      TIP: You can enter part of an identity's name to filter the list and then select one of the suggested identities.

    • Owner (application role): (Optional) Click Select and then the application role whose members can manage the application.

  4. (Optional) In the Icon field, click Add and perform the following:

    1. In the Edit Application Icon dialog, click one of the suggested icons or click Upload Image and load an image (in PNG format) from your hard disk.

    2. Click Save.

  5. In the Create Application pane, click Save.

    This creates the application. Now you can edit the application to configure more settings and to assign application entitlements.

Editing applications

To make changes to existing applications, you can edit them at any time. If you edit an application, you can change some properties directly, such as assigning an to the application.

You can also assign and publish application entitlements and then unassign and unpublish them again.

To edit application properties

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application you want to edit.

  3. On the application's overview page, click the Details tab.

  4. On the Details tab, click Edit.

  5. In the Edit Application pane, change any application data required:

    • (Optional) Under Icon, click Add/Change and perform the following:

      1. In the Edit Application Icon dialog, click one of the suggested icons or click Select image and load an image (in PNG format) from your hard disk.

      2. Click Save.

    • Application: Enter the name of the application.

    • Description: Enter a description for the application. For example, where and for what the application will be used.

    • Manager: Select a manager for the application. This manager is responsible for the application and can manage the application.

      TIP: You can enter part of an identity's name to filter the list and then select one of the suggested identities.

    • Owner (application role): Select the application role whose members can configure the application.

    • Approver (application role): Select an approver application role. If an identity requests one of the application's application entitlements, the members of this application role make the approval decision about the request (if the BE - Approver of a application approval procedure is used).

    • IT Shop structures: Select the shop that you want to publish the application in.

    • Date of next attestation: Enter the date to attest the application. Click (Calendar) to do this and use the date picker to select the date.

  6. Enter more details in the following fields. These fields only serve to provide information and do not have any functionality:

    • Applications: user account assignments: Select the user accounts used by the application. Perform the following actions as well:

      1. Click Assign/Change next to the field.

      2. In the Edit User Accounts pane, set the check box next to the relevant user account.

      3. Click Apply.

    • Environment: Select the application's environment.

    • Web page: Enter a URL for the application. Use the following format: https://www.example.com or http://www.example.com.

    • Integrated authentication: Check this box if the application uses integrated authentication. Also enter the Authentication directory service.

    • Authentication directory service: Select the authentication directory service used by the application.

    • Federation enabled: Check this box if the application supports federations.

    • Multi-factor authentication: Check this box if the application supports multi-factor authentication.

    • Single sign-on: Check this box if the application supports single sign-on.

    • Redirection URL: Enter a URL for forwarding to a login with single sign-on. Use the following format: https://www.example.com or http://www.example.com.

    • Number of purchased items: Enter how many licenses have been purchased for the application.

    • Risk index: Enter the application's risk index. The higher this value is, the higher the risk of requests for application objects.

    • Functional area: Select the functional area the application belongs to.
      Perform the following actions to do this:

      1. Click Assign/Change next to the field.

      2. In the Edit Functional Area pane, click the relevant functional area.

  7. Click Save.

Assigning entitlements to applications

If an application is going to need entitlements at some point or they should be requestable, you must assign them to the application. You can publish these application entitlements later to make them requestable.

The following options are available for assigning entitlements to applications:

  • You can assign application entitlements manually to applications.

  • You can merge several application entitlements into a system role and then assign it to applications.

  • You can create and edit conditions. If an application entitlement fulfills these conditions, it is automatically assigned to the application. Once the conditions for automatic assignment have been created, you can verify, at any time, whether new application entitlements match the conditions and can be assigned.

To manually assign an application entitlement to an application

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application to which you want to assign an application entitlement.

  3. On the application overview page, click the Application entitlements tab.

  4. On the Application entitlements tab, perform one of the following actions:

    • If the application has not yet been assigned application entitlements, click Assign application entitlement.

    • If the application has already been assigned application entitlements, click Assign more > Assign manually.

  5. In the Application entitlements assigned pane, in the Type menu, select the type of application entitlement you want to assign to the application.

  6. Select the check box next to the application entitlement that you want to assign to the application.

    TIP: To select all the application entitlements listed, select the check box at the top of the list.

  7. Click Assign.

To merge multiple application entitlements into one system role and then assign it to the application

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application to which you want to assign an application entitlement.

  3. On the application overview page, click the Application entitlements tab.

  4. On the Application entitlements tab, perform one of the following actions:

    • If the application has not yet been assigned application entitlements, click Assign application entitlement.

    • If the application has already been assigned application entitlements, click Assign more > Assign manually.

  5. In the Application entitlements assigned pane, in the Type menu, select the type of application entitlement you want to assign to the application.

  6. Select the check box next to the application entitlements that you want to merge into a system role.

    TIP: To select all the application entitlements listed, select the check box at the top of the list.

  7. Click Merge Application Entitlements Into System Role.

  8. Perform one of the following actions:

    • To merge the application entitlements into a new system role, enable the Create new system role option, enter a name for the new system role in the Name input field, and click Create new system role.

    • To merge the application entitlements into an existing system role, enable the Add to existing system role option, click the appropriate system role, and click Add to system role.

To automatically assign application entitlements to an application

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application to which you want to assign an application entitlement.

  3. On the application overview page, click the Application entitlements tab.

  4. On the Application entitlements tab, perform one of the following actions:

    • If the application has not yet been assigned application entitlements, click Create automatic assignment.

    • If the application has already been assigned application entitlements, click Assign more > Assign automatically.

  5. In the Create Automatic Assignment pane, use conditions to specify which application entitlements to assign to the application. Perform the following actions to do this:

    1. Click Add condition.

    2. In the Property menu, select the relevant property.

    3. In the Operator menu, select a logical operator.

    4. In the final field, specify a comparison value.

    5. (Optional) To add another condition, click Add another condition and repeat the steps.

    6. (Optional) To change the way the conditions are linked, you can toggle between And and Or by clicking the link.

    TIP: To remove a condition, click (Delete).

    For more information about customizing filter conditions, see the One Identity Manager Web Portal User Guide.

    TIP: To verify which application entitlements the conditions apply to, click Test automatic assignment.

  6. Click Save automatic assignment.

    This opens the View Matching Application Entitlements pane and shows you all the application entitlements added to this application due to the conditions.

  7. (Optional) To assign the application entitlements immediately after saving the application's conditions, enable the Assign application entitlements after saving switch.

  8. Click Save automatic assignment.

To edit conditions for automatic assignment

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application to which you want to assign an application entitlement.

  3. On the application overview page, click the Application entitlements tab.

  4. On the Application Entitlements tab, click Assign more > Edit automatic assignment.

  5. In the Edit Automatic Assignment pane, use conditions to specify which application entitlements to assign to the application. Perform the following actions to do this:

    1. Click Add condition.

    2. In the Property menu, select the relevant property.

    3. In the Operator menu, select a logical operator.

    4. In the final field, specify a comparison value.

    5. (Optional) To add another condition, click Add another condition and repeat the steps.

    6. (Optional) To change the way the conditions are linked, you can toggle between And and Or by clicking the link.

    TIP: To remove a condition, click (Delete).

    For more information about customizing filter conditions, see the One Identity Manager Web Portal User Guide.

    TIP: To verify which application entitlements the conditions apply to, click Test automatic assignment.

  6. Click Save automatic assignment.

    This opens the View Matching Application Entitlements pane and shows you all the application entitlements added to this application due to the conditions.

  7. (Optional) To assign the application entitlements immediately after saving the application's conditions, enable the Assign application entitlements after saving switch.

  8. Click Save automatic assignment.
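
The following added example (not One Identity Manager code or its API) models the property/operator/comparison-value conditions from the two procedures above and shows why the test run matters after toggling the link: with Or, the same conditions select a superset of what And selects. The property names, operators, single link mode for all conditions, and sample entitlements are constructed assumptions.

```python
# Added illustration: a model of property/operator/value conditions linked by And/Or.
# Not One Identity Manager code; property names, operators and data are constructed.

OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected.lower() in actual.lower(),
    "starts with": lambda actual, expected: actual.lower().startswith(expected.lower()),
}

def matches(entitlement, conditions, link="And"):
    """Return True if the entitlement fulfills the linked conditions."""
    if not conditions:
        return False  # no conditions: assign nothing rather than everything
    results = []
    for prop, op, value in conditions:
        actual = entitlement.get(prop)
        # A missing property never fulfills a condition.
        results.append(actual is not None and OPERATORS[op](str(actual), value))
    return all(results) if link == "And" else any(results)

def dry_run(entitlements, conditions, link="And"):
    """Names of entitlements the conditions would assign (a test run before saving)."""
    return sorted(e["name"] for e in entitlements if matches(e, conditions, link))

def widened_by_or(entitlements, conditions):
    """Entitlements that match only when the link is toggled from And to Or."""
    return sorted(set(dry_run(entitlements, conditions, "Or"))
                  - set(dry_run(entitlements, conditions, "And")))

# Constructed sample entitlements (hypothetical properties).
SAMPLE = [
    {"name": "CRM-Users", "type": "Group", "description": "CRM standard access"},
    {"name": "CRM-Admins", "type": "Group", "description": "CRM administration"},
    {"name": "ERP-Users", "type": "Group", "description": "ERP standard access"},
    {"name": "CRM-Reports", "type": "System role", "description": "CRM reporting"},
]
CONDITIONS = [("name", "starts with", "CRM-"), ("type", "equals", "Group")]

if __name__ == "__main__":
    print("And:", dry_run(SAMPLE, CONDITIONS, "And"))
    print("Or: ", dry_run(SAMPLE, CONDITIONS, "Or"))
    print("Added by Or:", widened_by_or(SAMPLE, CONDITIONS))
```

In this constructed data, the Or link additionally pulls in an entitlement from another application and one of a different type, which is the kind of result to look for in the test run before saving.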

To check for new application entitlements that fulfill the specified conditions for automatic assignment

  1. In the menu bar, click Data administration > Applications.

  2. On the Applications page, click the application to which you want to assign an application entitlement.

  3. On the application overview page, click the Application entitlements tab.

  4. On the Application Entitlements tab, click Assign more > Check for new automatic assignments.
