Upon logging into Resource Admin, users are taken directly to the Applications page. This page streamlines application management by offering tabs, views, and controls for interacting with, creating, and updating both Azure and non-Azure applications. It also includes functionality for managing any Claims Mapping Policies related to Azure applications.
...
Once on the Applications page, users can search for specific applications or Claims Mapping Policies and manage those objects as needed.
...
Searching for Applications
In the EmpowerID Identity Warehouse, each object has a 'SearchTerms' property. This property contains a specific set of search values that can be used to return all objects matching those values. For applications, 'SearchTerms' encompasses the 'Name', 'FriendlyName', 'Description', and 'MatchingPattern' properties. A search returns all applications where the specified search value finds a match in any of those properties.
For instance, setting the search value to “PBAC” returns applications fulfilling any of these conditions:
Any application with a name containing the string “PBAC.”
Any application with a display name containing the string “PBAC.”
Any application with a description containing the string “PBAC.”
This enhanced search functionality ensures users can effectively and efficiently locate and manage applications within the Resource Admin interface.
...
Application Search Filters
When users select Applications as the resource type, an API call is made to return records for all applications the current user can view. The number of records returned can be substantial, depending on the number of managed applications and the user's access. To assist in navigating a potentially large number of records, Resource Admin also provides various filters. These filters can be used with or without the search terms described above, and multiple filters can be combined for more granular searching.
Filter | Description |
---|---|
Owned By | This filter provides users with options to list applications based on ownership. Options include: |
Azure Applications Only | When selected, this filters non-Azure applications from search results. |
Target System | This filter provides users with options to list only those applications belonging to the selected account store type and/or account store. |
Advanced Search | Provides advanced search capabilities to further filter applications. |
Interacting with Applications
Each application listed in Resource Admin is represented by a detailed record that provides users with essential context for interacting with the application. By selecting the 'Details' link in an application record, users are directed to the Details view for the selected application. This view hosts a variety of tabs that users can navigate to review and manage specific information about the application. The information and the management functions available vary depending on whether the application is an Azure app, a PBAC app with app rights assignments, or a simple non-Azure and non-PBAC application. For instance, Azure applications feature additional tabs such as 'Access Control' and 'API Permissions', and include a contextual workflow button {⚙️} that users with the appropriate access can click to initiate specialized workflows like the 'Manage Azure Application Wizard' or 'Update Azure Applications API Permissions'. On the other hand, PBAC apps with app rights assignments might offer different management options, while simple non-Azure and non-PBAC applications could provide basic functionality such as viewing and editing basic settings.
...
...
The Client Secrets tab grants access to view and manage client secrets for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing app secrets
Request access to app secrets
Check out app secrets
Add new client secrets
Delete existing client secrets
Run the Manage Credential Wizard workflow
...
Client Certificates
The Client Certificates tab grants access to view and manage client certificates for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing app certificates
Request access to app certificates
Check out app certificates
Add new client certificates
Delete existing client certificates
Run the Manage Credential Wizard workflow
...
Scopes
The Scopes tab grants access to view and manage scopes for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing scopes
Add new scopes to the application
Delete scopes from the application
...
API Permissions
The API Permissions tab grants access to view and manage the delegated and application permissions for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing API permissions
Add new API permissions to the application
Delete existing API permissions from the application
...
Token Configurations
The Token Configurations tab grants access to view and manage the claims for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing claims
Add claims to the application
Remove claims from the application
...
App Rights (Azure “App Roles”)
The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications.
...
The following functionality is available to delegated users from this tab:
View detailed information about existing app rights
Create new app rights for the application
Delete app rights from the application
View app right assignments
Assign app rights to users
Remove app rights from users
View people with app rights to the application
...
Role Definitions
The Role Definitions tab grants access to view and manage app role definitions for Azure applications.
...
The following functionality is available from this tab:
View detailed information about existing app role definitions
Create app role definitions for the application
Delete app role definitions from the application
View app role assignments
Assign app roles to users
Remove app roles from users
View people with app roles
App Management Roles
In the 'App Management Roles' tab, users with the necessary permissions can view and manage App Management Roles specific to Azure applications. The functionality available in this tab includes:
Detailed Information About Existing App Management Roles: This feature allows users to access in-depth details about each Management Role, including its scope, associated permissions, and configuration.
Create App Management Roles: Users can create new Management Roles, tailoring them to specific needs and requirements within the Azure application environment.
Delete App Management Roles: This option provides the ability to remove existing Management Roles that are no longer required, ensuring a streamlined and relevant role structure.
View People Assigned to Management Roles as Members: Administrators can view a list of individuals who are assigned to each Management Role, offering insights into role distribution and user responsibilities.
View Direct Access Granted to the Management Roles: This functionality shows the specific access rights directly granted to each Management Role, helping in understanding their direct influence within the Azure environment.
View Total Access Granted to the Management Roles: Users can see the cumulative access privileges of each Management Role, including both direct and indirect access rights, for a complete overview of role-based access within the application.
Actions
The 'Actions' tab within the Resource Admin system is designed to offer a dynamic and context-sensitive user experience. Depending on the application tab selected, it presents relevant workflows that align with the current focus of the user. For instance:
When on the 'Overview' tab, the 'Actions' tab provides links to initiate workflows like the 'Manage Azure Application Wizard' and the 'Update Azure Application API Permissions'. These workflows are tailored to provide comprehensive management and configuration capabilities for the Azure application.
Conversely, when the user navigates to the 'Client Secrets' tab, the 'Actions' tab adapts to display links for specific workflows such as the 'Delete Azure Application Client Secrets'. This ensures that users have immediate access to pertinent actions related to client secrets management.
This adaptive approach streamlines workflow initiation, making it more intuitive and efficient by presenting users with options that are directly relevant to their current task or area of focus within the application.
...
Claims Mapping Policies (CMP) are used in Azure AD to control the identity information sent to an application when a user signs in. If your organization uses CMP with your applications, you can manage them by selecting the 'Claims Mapping Policies' tab. This tab appears only for Azure apps and offers various search filters to facilitate management and retrieval of CMPs.
...
Claims Mapping Policies Search Filters
As with Azure applications, users can employ search filters for Claims Mapping Policies to simplify the search process. Multiple filters can be used for more granular searching.
Filter | Description |
---|---|
Target System | This filter provides users with options to list only those Claims Mapping Policies belonging to applications in the selected account store type and/or account store. |
Include Basic Claim Set | This filter provides users with options to list Claims Mapping Policies meeting the following criteria: |
Advanced Search | Provides advanced search capabilities to further filter Claims Mapping Policies. |
As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.
...
PBAC Assignments
The 'PBAC Assignments' tab grants access to view and manage PBAC Definition assignments for PBAC applications.
...
Within this tab, users with appropriate permissions have access to the following functionality:
Assign Role Definitions: Users can assign specific Role Definitions to individuals or groups within the application, tailoring access control according to organizational requirements.
Delete Role Definitions: This functionality enables the removal of existing Role Definitions, an essential aspect of maintaining up-to-date and relevant access controls.
View People with Role Definition Assignments: Administrators can view a list of individuals who have been assigned specific Role Definitions, offering clarity and oversight on who has access to certain application functionalities.
Edit the Role Definition Assignments for People: This feature allows for the modification of existing Role Definition assignments, ensuring that access rights remain aligned with the current roles and responsibilities of individuals.
...
PBAC Definitions
In the 'PBAC Definitions' tab, users have access to a range of functionalities for comprehensive management of PBAC Definition assignments in PBAC applications. These include:
App Rights:
View detailed information about existing App Rights.
Create new App Rights for specific applications.
Delete App Rights from the application.
Assign specific App Rights to roles or users.
App Role Definitions:
View detailed information about existing App Role Definitions.
Create new App Role Definitions to streamline access control.
Delete App Role Definitions as needed.
Add or remove App Rights to/from these definitions for precise role management.
App Management Roles:
Create and Delete App Management Roles, enabling customized role-based access management within applications.
PBAC Resource Types:
Create, Edit, and Delete Resource Types, allowing for the customization and fine-tuning of resource-based access controls.
...
The 'Workflows' page in the Resource Admin system is a dedicated page where authorized users can access and manage a variety of application workflows. This page is designed to provide a centralized location for overseeing application-specific processes, ranging from onboarding Azure applications and Claims Mapping Policies to configuration and update procedures. The image provided below offers a visual representation of the types of workflows available. Whether it's for routine maintenance or complex configuration tasks, the Workflows page serves as a key resource for efficient application management.
...