LogoLogo
Archive
Archive
  • Introduction to Cymmetri Cloud 2.0
    • FAQ
      • Adding the Application
      • Supported Web Browsers
      • Forgot Password & Unlock Account
      • Cymmetri Error codes
      • Help
  • Getting Started with Cymmetri Cloud 2.0
    • What is Cymmetri?
    • Starting your Cymmetri Cloud 2.0 Trial
    • Accessing Cymmetri Cloud
    • First Time User Registration
    • Logging in as an end user
    • Setting up Multi-factor authentication rules for Login
  • Administration
    • Reports and Analytics
  • My Workspace
    • Getting Started
      • Introduction
      • Login with External Identity Provider - Social logins
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • Session Management
  • Application Management
    • FAQ
      • Support for Application Management
    • Getting Started
      • Introduction to Application Management
      • Adding Applications to be managed by Cymmetri
      • Assigning Applications to End Users
      • Configuring Connector Server
    • SSO How to
      • Configure Single Sign On
      • Configure SAML 2.0 Single Sign On
      • Configure API SSO
      • Configure OpenID Connect based Single SignOn
    • Provisioning How to
      • Azure Provisioning
      • Active Directory (AD) Provisioning
      • Google Apps (Workspace) Provisioning
      • LDAP Provisioning
      • Powershell Provisioning
      • REST Connector Provisioning
      • SCIM v2.0 Provisioning with Basic Authentication
      • SCIM 2.0 with Bearer Authentication
      • SCIM 2.0 with Fixed Bearer
      • Github Provisioning
    • Reconciliation How to
      • Configuring Reconciliation Process
  • Managing Users and Groups
    • Setting up Users and Groups
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Setting up permissions for Delegation
  • Common Features
    • Features used throughout the Cymmetri Platform
      • Workflow Management
      • Configuring Webhooks
      • Multifactor Authentication (MFA)
  • Personalization
    • How to configure your tenant and personalize it
      • Adding new admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Add Branding to your tenant
      • Adding Custom Attributes for User Object
  • Authentication
    • Identity Federation
      • Steps to Configure Azure AD as External IDP for Cymmetri
  • Governance
    • Access Certification
      • Setting up and managing Access Reviews
  • Additional Tools
    • Miscellanous Tools and Utilities
      • Password Filter
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
Powered by GitBook
On this page
  • User Assignment Scenarios
  • Flows of Scenarios
  • Admin assigns an application directly to the end user
  • Admin assigns an application directly to a group
  • User requests for an application
  • Dynamic Form
  • Creating a dynamic form

Was this helpful?

Export as PDF
  1. Application Management
  2. Getting Started

Assigning Applications to End Users

Last updated 1 year ago

Was this helpful?

Cymmetri.com

Once the managed application has been added to your Cymmetri Identity platform tenant, you will be able to assign applications to your end-users.

User Assignment Scenarios

There are three ways in which users may be assigned to users -

  1. Admin may assign an application directly to a user.

  2. Admin may map an application to a group; and the user is added to the group or is already part of the group.

  3. End User may request an application and is granted access to the application.

Flows of Scenarios

There are flows in which is user is assigned to the application

Admin assigns an application directly to the end user

Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an end-user to a managed application.

First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.

Next, we move to configure the application to assign it to an end user.

Click on the application tile to configure it.

The flow for assignment goes as follows -

Flow Description

  1. Admin clicks on the application tile, and starts the configuration.

  2. Click on the “assign new” button on the users menu.

  3. We see the following fields here -

    1. Start Date - When the user will be assigned the application.

    2. End Date - When the user will be deprovisioned from the application.

    3. Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.

    4. Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.

      1. Preferred Username - Mandatory text field

      2. Request Additional Modules - Optional Radio button

  4. This step shows that the workflow has been initiated for the user. This is because, we have enabled the workflow for application provisioning (user assignment) for this managed application.

  5. The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.

  6. Let us click on accept to continue the flow.

  7. Let us click “Accept” to proceed.

  8. After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow.

  9. Once the user has been provisioned in the application, they will be able to see it in their list of applications.

Admin assigns an application directly to a group

Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an entire group of users to a managed application.

First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.

Next, we move to configure the application to assign it to a group.

Click on the application tile to configure it.

The flow for assigning a group to an application goes as follows -

Flow Description

  1. Admin clicks on the application tile, and starts the configuration.

  2. Click on the assignments tab on the left hand side menu.

3. Click on the “Assign New” button in the groups section.

4. Search for the group you wish to assign the application to and click on the assign button.

6. Viewing the application tiles, we can see if the user was directly assigned the application or received access by the virtue of being part of a group.

User requests for an application

Users of the Cymmetri Identity platform deployment will be able to request for access to a managed application.

The flow for an end-user to request for an application is as follows -

Flow Description

  1. User visits their “My Workspace” menu.

  2. Click on the “My access” left-hand side menu.

5. We see the following fields here -

a. Start Date - When the user will be assigned the application.

b. End Date - When the user will be deprovisioned from the application.

c. Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.

d. Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.

i. Preferred Username - Mandatory text field

ii. Request Additional Modules - Optional Radio button

  1. This step shows that the workflow has been initiated for the user. This is because, we have enabled the

workflow for application provisioning (user assignment) for this managed application. The workflow approver will then receive a request to approve the user assignment in their inbox.

Now the approver may approve or reject the user assignment

The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment. Let us click on accept to continue the flow. Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.

Let us click “Accept” to proceed. After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow. Once the user has been provisioned in the application, they will be able to see it in their list of applications.

Dynamic Form

Dynamic Form allows the administrator to request additional fields from the administrator or the end user assigning the applications to collect additional user fields to be used for provisioning the user into the managed application.

Creating a dynamic form

Creating a dynamic form involves the administrator configuring the managed application by clicking on the left-hand side menu item “forms”.

You may now load the default form by clicking on the “Load Sample form”

You may now edit the default form, a preview of the form will be shown on the right hand side.

Let us imagine a simple form that can capture “Preferred Username” [text field] and “Request Additional Modules” [Radio] with two options “Admin” and “Readonly”.

Click on the save button.

Now click on the “Confirm” button in the popup to enable the form for the application.

Click on the assignments tab on the left hand side menu.

Search for a user in the search text box, and once the user is found, click on the “assign” button.

Now click on save to register a request for application assignment.

This will raise a request to provide “lifetime” access to the user with the given custom attributes.

The workflow approver will then receive a request to approve the user assignment in their inbox.

Now the approver may approve or reject the user assignment

Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.

5. Checking for the users who belong to the group, we can see that the application has been assigned.

3. Now Click on the “+ Request” button on the top-right button.

4. Click on the Application Icon to start the request process

Now click on save to register a request for application assignment.

This will raise a request to provide “lifetime” access to the user with the given custom attributes.