Versions Compared

Old Version 12

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

As discussed mentioned in a prior modulediscussion, Account Stores are external directories or “applications aka apps” containing their own accounts and groups. In EmpowerID, there exists an AccountStore table and a ProtectedApplicationResources table for storing EmpowerID’s definition of applications. The relationship between these two entities can be confusing, so we’ll attempt to clarify the concept here.

...

In the internal directory scenario described above, when onboarding these applications in EmpowerID, the admin would select the Account Store defined for the app's internal directory. This lets EmpowerID know which Account Store contains the accounts and groups that can access the application. However, in our eternal directory scenario, the admin would onboard multiple applications where EmpowerID would be selected as the Account Store for the application. In this scenario, where many applications in EmpowerID share the same Account Store for their security, the application owner can select specific groups in any Account Store to link as granting access to that application.

...

.

...

Key Components Related to an EmpowerID Application

...

  • Protected Application Resources like pages, controls, APIs

  • SSO Connections (SAML, OpenID Connect, etc.)

  • OAuth Scopes configuration

  • Multi-Factor Authentication settings

  • PBAC rights and roles

  • Groups and roles that should be requestable for this app in the IT Shop

...

Tip

Key Takeaways:

  1. Most applications are a one to one with an Account Store that represents their internal directory.

  2. Applications that share an Account Store would select to use EmpowerID as the Account Store and then link the specific groups they wish to grant access to their application.

  3. An application object is not automatically created for each Account Store in EmpowerID.

  4. Any application configured for SSO requires an application object in EmpowerID.

  5. The component for applications and their subcomponents is named ProtectedApplicationResource.

  6. During application onboarding selecting to create a Tracking Only Account Store will create a “logical” Account Store in EmpowerID for access requests and tracking that is not inventoried or managed.

Info

Related Docs Topics:

SSO Connections

...