Version 7.202.0.0

New Features

New Wizard Workflows

With this release, EmpowerID introduces several new Wizard-based workflows for managing Azure applications and onboarding common objects like EmpowerID Persons, groups, and Management Roles. These new workflows reduce the amount of data users see upfront, making the process more intuitive and user-friendly.

...

▪️ Create Azure Application – Wizard workflow for onboarding Azure applications in selected Azure tenants. This workflow has a number of parameters that you can configure to alter the fields that appear when running the workflow, as well as settings that determine whether human approval is required before EmpowerID fulfills the request and provisions the application in Azure.

View Workflow Parameters

Parameter

Description

App_Auth_AssignmentRequired_IsVisible

Boolean value to determine whether the Assignment Required? checkbox is visible.

AppAuth_EnableUserSignIn_IsVisible

Boolean value to determine whether the Enabled for users to sign-in? checkbox is visible.

AppAuth_SupportedAccountType_IsVisible

AppExt_CAP_IsVisible

Boolean value to determine whether the Conditional Access Policy drop down is visible.

AppExt_ExtensionTab_IsVisible

Boolean to determine whether the Application Extension tab of the workflow is visible to users.

AppExt_ExtensionAttribute1_IsVisible

Boolean to determine whether the Application Extension Attribute 1 radio button option is visible. AppExt_ExtensionTab_IsVisible must be set to true for the radio button to be visible.

AppExt_ExtensionAttribute2_IsVisible

Boolean to determine whether the Application Extension Attribute 2 radio button option is visible. AppExt_ExtensionTab_IsVisible must be set to true for the radio button to be visible.

AppExt_ExtensionAttribute3_IsVisible

Boolean to determine whether the Application Extension Attribute 3 radio button option is visible. AppExt_ExtensionTab_IsVisible must be set to true for the radio button to be visible.

AppExt_ExtensionAttribute4_IsVisible

Boolean to determine whether the Application Extension Attribute 4 radio button option is visible. AppExt_ExtensionTab_IsVisible must be set to true for the radio button to be visible.

AppExt_ExtensionAttribute7_IsVisible

Boolean to determine whether the Application Extension Attribute 7 radio button option is visible. AppExt_ExtensionTab_IsVisible must be set to true for the radio button to be visible.

ApplicationLineListDataItemSetName

This specifies the AzureAppApplicationLine list data set of the various application lines that appear to users when selecting the environment for the application.

Default list items include those shown below:

ApplicationType_Location_IsVisible

Boolean value that specifies whether the Select a location section of the workflow wizard form is visible to users. Set to true by default.

ApplicationType_Location_SelectaLocation_IsVisible

If ApplicationType_Location_IsVisible is true, this Boolean value determines if the Select a Location tree is visible. Set to true by default.

ApplicationType_Location_Tenant_IsVisible

If ApplicationType_Location_IsVisible is true, this Boolean value determines if the Select a tenant drop-down is visible. Set to true by default.

DefaultAzureRBACManagerAppName

Specifies the default Azure RBAC Manager application used by EmpowerID to manage Azure RBAC resources. Set to EIDAzureRBACManager by default.

DefaultAssignmentRequired

Boolean value on the Azure service principal that determines if users and apps or services must first be assigned the application before accessing it. Set to true by default.

DefaultAzureTenantID

This is the GUID of the Azure tenant. If the value is present, the Select a Tenant drop-down will be auto filled with the specified tenant.

You can find the Tenant ID for your Azure tenant by navigating to Azure RBAC Manager > Resources and selecting the Tenants tab.

DefaultEmailMessageID

DefaultEnabledUsersSignIn

Boolean value on the Azure Service Principal that determines if assigned users will be able to sign in to this application, either from My Apps, the User access URL, or by navigating to the application URL directly.

DefaultOrgZoneID

Optional setting that specifies the Org Zone ID of the EmpowerID location that should be populated in the Select a Location tree drop-down.

DefaultSupportedAccountType

Default value that specifies the Microsoft accounts that are supported for the application.

ExtensionAttribute1ListDataItemSetName

Boolean to determine whether the Application Extension Attribute 1 radio button option is visible.

ExtensionAttribute2ListDataItemSetName

This points to the AzureAppExtensionAttribute2Choice list data set for displaying custom radio button options. The selected value is stored in the ExtensionAttribute2 attribute of the Protected Application in EmpowerID.

ExtensionAttribute3ListDataItemSetName

This points to the AzureAppExtensionAttribute3Choice list data set for displaying custom radio button options. The selected value is stored in the ExtensionAttribute3 attribute of the Protected Application in EmpowerID.

ExtensionAttribute4ListDataItemSetName

This points to the AzureAppExtensionAttribute4Choice list data set for displaying custom radio button options. The selected value is stored in the ExtensionAttribute4 attribute of the Protected Application in EmpowerID.

IntegrationTypeListDataItemSetName

This points to the AzureAppTypeOfIntegration list data set of the various Application Integration Types. By default, the list contains OIDC, SAML Gallery & SAML Non-Gallery options.

ListDataItemSetTypeName

Internal field for displaying list data items. Do not change the value.

NonGalleryTemplateID

Specifies the default template for creating non-gallery applications. Do not change the value.

ManagementRoleIDsToNotify

Specifies the ID of the Management Role whose members are to be notified each time an Azure application is created.

SupportedAccTypesOIDCListName

This points to the AzureAppSupportedAccountTypes list data set for displaying supported account type radio button options.

Default list items include those shown below:

SupportedAccountTypesTemplateListName

▪️ Create Azure Application Certificates – Wizard workflow for creating certificates for Azure applications managed by EmpowerID. The workflow has a number of parameters that can be configured to alter the fields that appear to users running the workflow. See /wiki/spaces/EAGV22/pages/2809016579.

View Workflow Parameters

Parameter

Purpose

DefaultAzureTenantID

This is the GUID of the Azure tenant. If the value is present, the “Select a Tenant” drop down will be auto-selected with the specified tenant.

The tenant you specify here appears by default as the tenant with the application(s) for which you want to create certificate(s). If you have more than one tenant managed by EmpowerID, those tenants can be selected on the form. Please note that once you set a value for this parameter, the value cannot be null going forward unless you null it in the EmpowerID Identity Warehouse.

You can find the Tenant ID for your Azure tenant by navigating to Azure RBAC Manager > Resources and selecting the Tenants tab.

DefaultOrgZoneID

This is the ID of the EmpowerID location where the app certificate will be created. If a value is present, the “Select a Location” drop down will be auto-selected with the location. The location can be changed as desired on the form.

DefaultShareCredential

Boolean value that specifies whether to enable sharing for all app certificates by default.

ShareCredential_IsVisible

Boolean value that specifies whether to show or hide the Share credential checkbox on the form.

DefaultVaultCredential

Boolean value that specifies whether to vault all secrets by default.

VaultCredential_IsVisible

Boolean value that specifies whether to show or hide the Vault credential checkbox on the form.

DefaultOwnerPersonID

This is the Person ID of the certificate owner. If the value is present, the specified person will be the owner for all app certificates.

SelectOwner_IsVisible

Boolean value that specifies whether to show or hide the Owner selection drop-down on the form.

DefaultExternalCredentialPolicyID

This is the External Credential Policy ID to be assigned to all app certificates created.

ManagementRoleIDsToNotify

This is a comma separated list of the Management Role IDs of the Management Roles to be notified each time an app certificate is created.

DefaultEmailMessageID

This is the ID of the Email Template used to send email notifications to each person belonging to the Management Roles specified in the ManagementRoleIDsToNotify parameter. Email notifications are sent each time an app certificate is created.

▪️ Create Azure Application Client Secrets – Wizard workflow for creating client secrets for Azure applications managed by EmpowerID. The workflow has a number of parameters that can be configured to alter the fields that appear to users running the workflow. See /wiki/spaces/EAGV22/pages/2809016822

View Workflow Parameters

Parameter

Purpose

DefaultAzureTenantID

This is the GUID of the Azure tenant. If the value is present, the “Select a Tenant” drop down will be auto-selected with the specified tenant.

The tenant you specify here appears by default as the tenant with the application(s) for which you want to create secret(s). If you have more than one tenant managed by EmpowerID, those tenants can be selected on the form. Please note that once you set a value for this parameter, the value cannot be null going forward unless you null it in the EmpowerID Identity Warehouse.

You can find the Tenant ID for your Azure tenant by navigating to Azure RBAC Manager > Resources and selecting the Tenants tab.

DefaultOrgZoneID

This is the ID of the EmpowerID location where the client secret will be created. If a value is present, the “Select a Location” drop down will be auto-selected with the location. The location can be changed as desired on the form.

DefaultSecretExpirationInDays

This is the default client secret lifetime in days. The expiration date is calculated by adding this number of days to the current date.

SelectExpiration_IsVisible

Boolean value that specifies whether to show or hide the expiration field on the form.

DefaultShareCredential

Boolean value that specifies whether to enable sharing for all credentials by default.

ShareCredential_IsVisible

Boolean value that specifies whether to show or hide the Share credential checkbox on the form.

VaultShareCredential

Boolean value that specifies whether to vault all secrets by default.

VaultCredential_IsVisible

Boolean value that specifies whether to show or hide the Vault credential checkbox on the form.

DefaultOwnerPersonID

This is the Person ID of the secret owner. If the value is present, the specified person will be the owner for all client app secrets.

SelectAOwner_IsVisible

Boolean value that specifies whether to show or hide the Owner selection drop-down on the form.

DefaultExternalCredentialPolicyID

This is the External Credential Policy ID to be assigned to all client secret credentials created.

ManagementRoleIDsToNotify

This is a comma separated list of the Management Role IDs of the Management Roles to be notified each time a client app secret is created.

DefaultEmailMessageID

This is the ID of the Email Template used to send email notifications to each person belonging to the Management Roles specified in the ManagementRoleIDsToNotify parameter. Email notifications are sent each time a client app secret is created.

...

▪️ Onboard Person – Wizard workflow for onboarding people with different options for the onboarding process. The amount of data and options available to users can be controlled via workflow parameters.

View Workflow Parameters

Parameter

Description

CreationModeListDataItemTypeName

This is a list that contains the available modes for onboarding people.

EmailMessageIdForMgtRoles

Integer that specifies the email message to be sent to all members belonging to the target Management Roles.

EmailMessageIdForNewPerson

Integer that specifies the email message to be sent to the newly onboarded person.

EmailMessageIdForPersonManager

Integer that specifies the email message to be sent to the manager of the newly onboarded person.

IsAssignGroupMembership_IsVisible

Boolean value that determines whether the Assign Group membership section of the workflow is visible to users.

IsAssignMgmtRoleBundleMembership_IsVisible

Boolean value that determines whether the Assign Management Role Bundle Membership section of the workflow is visible to users.

IsAssignObjectVisibilityAccessRoles_IsVisible

Boolean value that determines whether the Assign Visibility Access Role section is visible to users.

IsAssignPreApprovedMgmtRole_IsVisible

Boolean value to determine whether the Assign Pre-Approved Management Roles section of the workflow is visible to users.

IsAssignRbacOperationAccessRoles_IsVisible

Boolean value to determine whether the Assign RBAC Operation Access Roles section of the workflow is visible to users.

IsAssignSecondaryRoleAndLocation_IsVisible

Boolean value to determine whether the Assign Secondary Role and Location section of the workflow is visible to users.

IsAssignUIAccessRoles_IsVisible

Boolean value that determines whether the Assign UI Access Roles section of the workflow is visible to users.

IsAutoGeneratePassword_IsVisible

Boolean value that specifies whether the Auto Generate Password option is visible to users.

OnboardPersonCreationMode_ItemSetName

Specifies the List Item Set Name containing the creation modes presented to users running the workflow.

OnboardPersonPropertiesToClone

Specifies the properties to clone from a selected person to the new person when running the workflow in Create Person From Another mode. Default properties include:

  • LastName

  • FirstName

  • Address.City

  • Address.State

PersonPropertiesToClone

Specifies the properties to clone from a selected person to the new person when running the workflow in Create Person From Another mode. Default properties include:

  • Name

  • Address

  • ManagerInfo

  • PrimaryLocationAndRole

  • OrganizationBasicInfo

  • OrganizationContactInfo

SendForApproval

Boolean value that specifies whether the onboarding request needs to be routed for human approval before the system provisions the new person.

...