Assigning Applications to End Users

Once the managed application has been added to your Cymmetri Identity platform tenant, you will be able to assign applications to your end-users.

User Assignment Scenarios

There are three ways in which users may be assigned to users -

Admin may assign an application directly to a user.
Admin may map an application to a group; and the user is added to the group or is already part of the group.
End User may request an application and is granted access to the application.

Flows of Scenarios

There are flows in which is user is assigned to the application

Admin assigns an application directly to the end user

Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an end-user to a managed application.

First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.

Next, we move to configure the application to assign it to an end user.

Click on the application tile to configure it.

The flow for assignment goes as follows -

Flow Description

Admin clicks on the application tile, and starts the configuration.
Click on the assignments tab on the left hand side menu.
Click on the “assign new” button on the users menu.
Search for a user in the search text box, and once the user is found, click on the “assign” button.
We see the following fields here -
1. Start Date - When the user will be assigned the application.
2. End Date - When the user will be deprovisioned from the application.
3. Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.
4. Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.
  1. Preferred Username - Mandatory text field
  2. Request Additional Modules - Optional Radio button
Now click on save to register a request for application assignment.
This will raise a request to provide “lifetime” access to the user with the given custom attributes.
This step shows that the workflow has been initiated for the user. This is because, we have enabled the workflow for application provisioning (user assignment) for this managed application.
The workflow approver will then receive a request to approve the user assignment in their inbox.
Now the approver may approve or reject the user assignment
The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.
Let us click on accept to continue the flow.
Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.
Let us click “Accept” to proceed.
After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow.
Once the user has been provisioned in the application, they will be able to see it in their list of applications.

Admin assigns an application directly to a group

Users of the Cymmetri Identity platform deployment having admin roles among Organization Admin, Domain Admin, and Application Admin, will be able to assign an entire group of users to a managed application.

First, we need to add the application to the Cymmetri Identity platform deployment for managing it through Cymmetri deployment.

Next, we move to configure the application to assign it to a group.

Click on the application tile to configure it.

The flow for assigning a group to an application goes as follows -

Flow Description

Admin clicks on the application tile, and starts the configuration.
Click on the assignments tab on the left hand side menu.

3. Click on the “Assign New” button in the groups section.

4. Search for the group you wish to assign the application to and click on the assign button.

5. Checking for the users who belong to the group, we can see that the application has been assigned.

6. Viewing the application tiles, we can see if the user was directly assigned the application or received access by the virtue of being part of a group.

User requests for an application

Users of the Cymmetri Identity platform deployment will be able to request for access to a managed application.

The flow for an end-user to request for an application is as follows -

Flow Description

User visits their “My Workspace” menu.
Click on the “My access” left-hand side menu.

3. Now Click on the “+ Request” button on the top-right button.

4. Click on the Application Icon to start the request process

5. We see the following fields here -

a. Start Date - When the user will be assigned the application.

b. End Date - When the user will be deprovisioned from the application.

c. Lifetime Access - If selected, the user will be assigned the application for the entire duration that they are active in the Cymmetri Identity platform.

d. Dynamic Form Fields - Dynamic form fields may be configured by the admin and enabled to allow the administrator to add more user attribute fields.

i. Preferred Username - Mandatory text field

ii. Request Additional Modules - Optional Radio button

Now click on save to register a request for application assignment.
This will raise a request to provide “lifetime” access to the user with the given custom attributes.
This step shows that the workflow has been initiated for the user. This is because, we have enabled the

workflow for application provisioning (user assignment) for this managed application. The workflow approver will then receive a request to approve the user assignment in their inbox.

Now the approver may approve or reject the user assignment

The approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment. Let us click on accept to continue the flow. Now the next level of approver will be able to see the previous levels of approval, and similar to the previous level of approval, the approver may change the start and end date, if required; refer to the dynamic form attributes passed during the application assignment.

Let us click “Accept” to proceed. After the last level approver has also approved the assignment, the backend processes will run the application provisioning flow. Once the user has been provisioned in the application, they will be able to see it in their list of applications.

Dynamic Form

Dynamic Form allows the administrator to request additional fields from the administrator or the end user assigning the applications to collect additional user fields to be used for provisioning the user into the managed application.

Creating a dynamic form

Creating a dynamic form involves the administrator configuring the managed application by clicking on the left-hand side menu item “forms”.

You may now load the default form by clicking on the “Load Sample form”

You may now edit the default form, a preview of the form will be shown on the right hand side.

Let us imagine a simple form that can capture “Preferred Username” [text field] and “Request Additional Modules” [Radio] with two options “Admin” and “Readonly”.

Click on the save button.

Now click on the “Confirm” button in the popup to enable the form for the application.

Last updated 1 year ago