Application onboarding
Application on-boarding refers to the process of adding an application to OpenIAM so that the application can participate in one or more of the following operations:
- Joiner, mover, and leaver (JML) processes
- Request/approval workflows.
- Audit and compliance activities.
It may not be possible to integrate the full universe of applications. As such, applications can be segregated into the following types:
- Automated applications - applications which can be integrated using connectors.
- Manual applications - applications which cannot be integrated using connectors. In this case CSV files are usually used for importing the data needed from applications.
- Applications of little significance with no audit impact. The business may decide not to integrate these applications.
Application onboarding process comes after defining business requirements and objectives in sufficient detail for the implementation team. Failure to do so can result in project overruns and failure.
Automated applications
Automated applications integrate with the target application using connectors. A connector enables direct communication with the application to allow near real time updates to identity information resulting from the JML processes. In addition to the automation, organizations also benefit from the audit logs resulting from these operations since the access to logs can help to improve security and compliance.
There are several steps to integrate applications using connectors, these all are described below in connector related documents.
Manual applications
Unlike automated applications, where a connector enables near real time integration with the business application to support JML processes, the integration with manual applications is limited to importing data that has been exported from the application. The primary benefits of this level of integration is to be able to:
- Have a complete view of a user's access across applications.
- Support governance activities such as access certifications.
- Support request/approval workflows.
Onboarding of applications which lack connectors is described in the following sections.
- Register application in OpenIAM
- Load application entitlements
- Load existing users and their entitlements
After the user has connected the application and imported the users and entitlements, the next step is to configure automated provisioning and deprovisioning, which is going to be described in the respective sections.