Register applications
Manual application, like automated applications, must be registered within OpenIAM before we can perform operations related to this. These applications can be registered individually through the UI or they can be bulk created if there are a large number of them. The sections describe how to register an application.
Register application from the UI
To register an application follow the steps below:
- Go to the following menu option in the /webconsole:
Provisioning -> Synchronization - Click on
Create managed systemfrom the side menu - The screen below will be shown.
Populate the screen using the table below
| Field Name | Description |
|---|---|
| Connector | Leave this field blank for manual application |
| Managed System Name | Name of the managed system configuration or application |
| Description | Description of the application which will help end-users recognize this application in the service catalog. |
| Manual | Enable this checkbox for manual applications. |
| Active | Enable this checkbox to indicate that this configuration is active. Uncheck it to disable the application from being selected in the catalog. |
| Category | Select the service catalog category in which you want your application to appear in |
Define application owner
OpenIAM's out of the box workflows support the ability to use application owners and admins. To define either the application owner or admin, follow the steps below.
- Goto
Webconsole -> Access control -> Resource - Filter the list of resources by
Manual managed systemas shown in the image below.
After finding your application, click on the application's Actions button and to see the resource/managed system details as shown in the image below.
On the screen below, you will notice two fields: Resource owner and Resource admin. To define either the resource owner (aka Application owner) or the resource admin (aka Application admin), follow the steps below:
- Select if the owner or admin will be a
UserorGroupin the first drop down. If its a group, then anyone on a group can approval. - Select the name of the user or group in the second field.
Example is shown below:
Define an application approval flow
If an application will be selectable from the service catalog in the self-service portal, then you should consider wether the application should require approval before access can be granted. To support this behavior, OpenIAM provides the ability to define approval steps for each application. You can define the approval process using the steps below:
- Go to
Webconsole -> Access control -> Resource - Filter by
Manual managed systemand search for your application - View the application details by clicking on the application's actions button
- From the side menu, click on
Approver associations. You will see the screen shown below.
By default, the sysadmin account is assigned as an approver. To modify the first approver, click on the Actions button, and change then approver as shown below.
| Field name | Description |
|---|---|
| Approver | Defines who will approve a request. This can be a selected users, requestee's immediate supervisor, Group of people, people in role, application owner, or application admin. |
| Notify on approval | Person to notify when a request has been approved. |
| Notify on rejection | Person to notify when a request has been rejected. |
| 1* | Number of reminder's to send to the approver to encourage them to complete the request. |
| 2* | Number of days which must elapse before reminder notice is sent. |
| 3* | Days to escalation. This value is calculated based on the values in 1 and 2. |
To add additional approval steps, click on the + button and complete the row as described above.