Assigning Applications to End Users
Last updated
Was this helpful?
Last updated
Was this helpful?
Once the managed application has been added to your Cymmetri Identity platform tenant, you will be able to assign applications to your end-users.
There are three ways in which users may be assigned to users -
Admin may assign an application directly to a user.
Admin may map an application to a group; and the user is added to the group or is already part of the group.
End User may request an application and is granted access to the application.
There are flows in which is user is assigned to the application
Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an end-user to a managed application.
First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.
Next, we move to configure the application to assign it to an end user.
Click on the application tile to configure it.
The flow for assignment goes as follows -
Admin clicks on the application tile, and starts the configuration.
Click on the “assign new” button on the users menu.
We see the following fields here -
Start Date - When the user will be assigned the application.
End Date - When the user will be deprovisioned from the application.
Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.
Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.
Preferred Username - Mandatory text field
Request Additional Modules - Optional Radio button
This step shows that the workflow has been initiated for the user. This is because, we have enabled the workflow for application provisioning (user assignment) for this managed application.
The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.
Let us click on accept to continue the flow.
Let us click “Accept” to proceed.
After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow.
Once the user has been provisioned in the application, they will be able to see it in their list of applications.
Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an entire group of users to a managed application.
First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.
Next, we move to configure the application to assign it to a group.
Click on the application tile to configure it.
The flow for assigning a group to an application goes as follows -
Admin clicks on the application tile, and starts the configuration.
Click on the assignments tab on the left hand side menu.
3. Click on the “Assign New” button in the groups section.
4. Search for the group you wish to assign the application to and click on the assign button.
6. Viewing the application tiles, we can see if the user was directly assigned the application or received access by the virtue of being part of a group.
Users of the Cymmetri Identity platform deployment will be able to request for access to a managed application.
The flow for an end-user to request for an application is as follows -
User visits their “My Workspace” menu.
Click on the “My access” left-hand side menu.
5. We see the following fields here -
a. Start Date - When the user will be assigned the application.
b. End Date - When the user will be deprovisioned from the application.
c. Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.
d. Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.
i. Preferred Username - Mandatory text field
ii. Request Additional Modules - Optional Radio button
This step shows that the workflow has been initiated for the user. This is because, we have enabled the
workflow for application provisioning (user assignment) for this managed application. The workflow approver will then receive a request to approve the user assignment in their inbox.
Now the approver may approve or reject the user assignment
The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment. Let us click on accept to continue the flow. Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.
Let us click “Accept” to proceed. After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow. Once the user has been provisioned in the application, they will be able to see it in their list of applications.
Dynamic Form allows the administrator to request additional fields from the administrator or the end user assigning the applications to collect additional user fields to be used for provisioning the user into the managed application.
Creating a dynamic form involves the administrator configuring the managed application by clicking on the left-hand side menu item “forms”.
You may now load the default form by clicking on the “Load Sample form”
You may now edit the default form, a preview of the form will be shown on the right hand side.
Let us imagine a simple form that can capture “Preferred Username” [text field] and “Request Additional Modules” [Radio] with two options “Admin” and “Readonly”.
Click on the save button.
Now click on the “Confirm” button in the popup to enable the form for the application.
Click on the assignments tab on the left hand side menu.
Search for a user in the search text box, and once the user is found, click on the “assign” button.
Now click on save to register a request for application assignment.
This will raise a request to provide “lifetime” access to the user with the given custom attributes.
The workflow approver will then receive a request to approve the user assignment in their inbox.
Now the approver may approve or reject the user assignment
Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.
5. Checking for the users who belong to the group, we can see that the application has been assigned.
3. Now Click on the “+ Request” button on the top-right button.
4. Click on the Application Icon to start the request process
Now click on save to register a request for application assignment.
This will raise a request to provide “lifetime” access to the user with the given custom attributes.
