Powered by Algolia

    Access to SSO applications

    In OpenIAM, adding an application to the Launchpad or My Applications tab in SelfService is directly linked to the authentication provider assigned to the user.

    To make an application available in the Launchpad, a user must be added to a Group and assigned a Role, as described in the Create Role section. Once access is granted, the application icon will be displayed in the Launchpad and under My Applications.

    Methods of granting access to SSO applications

    Users can gain access to SSO applications through the following methods.

    1. Via webconsole
      Administrators can manually assign users to Roles and Groups. See Create Role document for details.

    2. Via synchronization from an HR System
      User entitlements can be synchronized from an HR system or other external sources. Learn more in Importing Roles.

    3. Via Business rules (Birthright Access)
      Some users may receive automatic access through predefined Birthright Rules. See Birthright section for more information.

    4. Via SelfService request
      Users can request access to applications through the SelfService catalog. Learn how in the Requests tutorial.

    Checking user access to SSO applications

    There are multiple ways to verify whether a user has access to a specific application.

    1. Check the Authentication provider

    To check which authentication providers are available for SSO applications, follow the steps below.

    1. Navigate to the Authentication Provider section.
    2. Click Edit on the relevant authentication provider.

    The authentication providers that can be displayed in the Launchpad are identified as OAUTH-CLIENT or- SAML_PROVIDER.

    Authentication Provider

    2. Check the linked Resources

    Although authentication providers do not have entitlements directly, their associated Resources do. To verify access:

    1. Open the Application Provider Editing window.
    2. Click Linked to Resources to open the Resource Editing window.

    Linked to Resource

    3. Verify Resource entitlements

    Within the Resource Edit window:

    1. Navigate to the Entitlements tab in the side menu.
    2. Note that users cannot be assigned directly to a resource.
      Instead, resources are linked to Roles and Groups, meaning that a user must be a member of a Group and have a Role to gain access to an SSO application.

    4. Check user entitlements

    To check whether a specific user has access to an SSO application:

    1. Navigate to the User Entitlements section.
    2. Select the Resources tab.

    User Entitlements

    The entitlement table displays all the Roles, Groups, and Resources assigned to the user.

    5. Self-check via SelfService

    Users can verify their own entitlements through SelfService by:

    1. Navigating to the My Access tab.
    2. Reviewing the list of Groups and Roles they are assigned to.

    This ensures transparency in access management and allows users to confirm their permissions without administrator intervention.

    Previous
    Managing organizations
    Next
    Configuring approval workflows