Page Comparison

To enable the EmpowerID Agent to protect the Andy's Beans Web site, you neet to create an application for it with URL subcomponents for each URL or group of URLs on the site you want to protect in EmpowerID and link that application to a SAML SSO Connection to provide single sign-on capabilities to all authorized users.

For the

Andy's Beans Web site, there are a number of URLs that need to be restricted. These include the following:

There are a number of ways in which these URLs can be protected, depending on the granularity of your security policy:

• Add a URL subcomponent that is an exact match for a specific URL, limiting the scope of the subcomponent to that one URL

• .
• Create a URL subcomponent that uses a

• JavaScript regular expression to block access to all URLs meeting the condition (pattern match) of the expression

• .
• Create a path-specific URL subcomponent that restricts access to any URL with a matching beginning path.

This example uses a combination of the second two,  pattern matches and beginning paths, to protect the

Andy's Beans URLs.

To create

a WAM SSO application for AndysBeans

Now that the WAM application has been created, the next step is to add protected application subcomponents for each of the URLs that need to be protected for unauthorized access.

To add protected application subcomponents (URLs)

1. From the Navigation Sidebar

1. , expand Applications and

1. click Manage Applications.
2. Search for Andy's Beans Web Site and then click the Display Name link for it.

1. 
   
   Image Added
   
   
   This directs you to the View One page for the application. View One pages allow you to view information about an object in

1. EmpowerID and manage it as needed.

1.  
   
   Image Added
   
   
   
2. From the View One page, expand the Protected Application Components accordion and

1. click the Add Protected Application Subcomponent (+) button.
2. In the dialog that appears do the following to protect all pages of Andy's Beans that start

1. with productmanager:

1. 1. From the Type drop-down, select URL.

1. 1. In the Name, Display Name and Description fields, enter AB Product Manager Pages.
   2. Leave the Icon field as is.

1. 1. Select Allow Access Requests

1. 1.  to let users

1. 1. request access to the page from the IT Shop.

1. 1. In the Starts

1. 1. with Path field, enter andysbeans/productmanager.
   2. Leave ABAC Check

1. 1. cleared.
      
      The Protected Application Subcomponent dialog looks like this:
      
      Image Added
      
      
   2. Click Save.
      

1. 1. 
      
2. Expand the Protected Application Components accordion and click the Add Protected Application Subcomponent (+) button.
3. In the dialog that appears do the following to protect the all pages in Andy's Beans beginning

1. with employees:

1. 1. From the Type drop-down, select URL.

1. 1. In the Name, Display Name and Description fields, enter AB Employee Pages.
   2. Leave the Icon field as is.

1. 1. Select Allow Access Requests

1. 1.  to let users

1. 1. request access to the page from the IT Shop.

1. 1. In the Starts

1. 1. with Path field, enter andysbeans/employees.
   2. Leave ABAC Check

1. 1. cleared.
      
      The Protected Application Subcomponent dialog looks like this:
      
      Image Added
      
      
   2. Click Save.
      

1. 1. 
      
2. Expand the Protected Application Components accordion

1. and click the Add Protected Application Subcomponent (+) button.
2. In the dialog that appears do the following to protect

1. all pages in Andy's Beans beginning

1. with employeemanager:

1. 1. From the Type drop-down, select URL.

1. 1. In the Name, Display Name and Description fields, enter AB Employee Manager Pages.
   2. Leave the Icon field as is.

1. 1. Select Allow Access Requests

1. 1.  to let users

1. 1. request access to the page from the IT Shop.

1. 1. In the Starts

1. 1. with Path field, enter andysbeans/employeemanager.
   2. Leave ABAC Check

1. 1. cleared.
      
      The Protected Application Subcomponent dialog looks like this:
      
      Image Added
      
      
   2. Click Save.
      

After completed the above steps, the Protected Application Subcomponents accordion should look like the below image

.

Now that the application and the protected application subcomponents for the application

are created, the next step is to create a number of people in EmpowerID with accounts in Andy's Beans.

1. Navigate to the User Accounts page by expanding Identities and clicking User Accounts.
2. Click the Create User (Person Optional) action link.

1. 
   
   Image Added
   
   
   This opens the Create User form.
   

1. 
   Image Added
   
   
2. From the Account Type drop-down

1. , select Personal Standard.
2. In the First Name field

1. , enter Charles, and in the Last Name field

1. , enter Stripe.

2. In the Display Name field, enter Charles Stripe.
   
   

   Tip
   Charles Stripe is the Employee Manager for Andy's Beans.

1. 
   

2. Below Account Creation Location, click the Select a Location link

1. .
   1. In the Location Selector, search for AndysBeans and

1. 1. click the node for AndysBeans

1. 1. .
   2. Click Save to close the Location Selector.

1. 1. 
      
      Image Added
      
      
2. In the Logon Name field, enter charles.stripe@andysbeans.com

1. .
2. In the Description field, enter Andy's Beans user account for Charles Stripe

1. .
2. Optionally, enter

1. comments in the Comments or Justification field.

2. Select Create a new EmpowerID Person object. The person created will be the owner of the user account.

2. Below Person Business Role, click the Select a Role and Location link to open the Business Role and Location selector.

1. 
   
   Image Added
   
   
   1. Search for the Temporary Role Business Role and

1. 1. click the node for that role to select it.

1. 1. 
      
      Image Added
      
      
   2. Click Location to open the Location panel of the Business Role and Location selector.
   3. Search for the Temporary Location Location and

1. 1. click the node for that location to select it.

1. 1. 
      
      Image Added
      
      
   2. Click

1. 1. Select to select the Business Role and Location combination and close the Business Role and Location selector.

1. 1. 
      
      
2. Select Allow me to enter a password and then enter pass@word1 in the Password and Confirm Password fields.

1. 
   
   Image Added
   
   
2. Ensure that Allow Joining Account to Person and Allow Provisioning a Person from Account are selected

1. .
   
   Image Added
   
   
2. Click Save.

   After EmpowerID creates the user account and the person owning the account, your browser

1. is directed to the Account Details page for the account.

To assign access to the Account Store 

1. From the Account Details page that opens, click the EmpowerID Logon link. This

1. directs your browser to the View page for the Charles Stripe person.

1. 
   
   Image Added
   
   

2. From the View page for Charles Stripe, expand the Access Assignments accordion

1. and do the following to give Charles Stripe access to the employees and employeemanager pages of the AndysBeans application.

   1. Click the Add New Assignment (+) button.

1. 1. From the Assign direct to resource or other method drop-down, select Direct.

1. 1. From the Resource Type drop-down, select Pages and Reports.

   2. In the Enter a Pages and Reports Name to Search field, enter AB Employee Manager Pages and

1. 1. click the tile to select

1. 1. it.

1. 1. From the Access Level drop-down, select Viewer.
      
      Image Added
      
      

   2. Click Save to add the assignment to the Shopping Cart.

   3. Repeat the above, this time giving Charles Stripe Viewer access to AB Employee Pages

1. 1. .
      
      

2. From the View page for Charles Stripe, click the Edit link to put the page in edit mode.

1. 
   
   Image Added
   
   
   
2. Locate the Login field and change the value from charles.stripe@andysbeans.com to charles.stripe.
3. Enter Self-Service User in the Management Roles field and

1. click the tile for the role to select it.

1. 
   
   Image Added
   
   
   
2. Click Save.
3. Finally, click the Shopping Cart and in the dialog that appears, enter a reason for the assignment and

1. click Submit.

1. 
   
   Image Added
   
   
   
2. Repeat these steps for the following Andy's Beans users:
   • George Varghese

1. •  is the Product

1. • Manager  and needs access to the employees and productmanager pages

1. • .
   • Barry Chandler

1. •  is an employee

1. • and needs access to the employees pages

1. • .
   • Fritz Dame

1. •  is an employee

1. • and needs access to the employees pages

1. • .
   • Tim Johnson

1. •  is an employee

1. • and needs access to the employees pages

1. • .
   • Maria Hansen

1. •  is an employee

1. • and needs access to the employees pages

1. • .

   • Rhonda Black

1. •  is an employee

1. • and needs access to the employees pages

1. • .
     
     

     Tip
     For a full list of all Andy's Beans users and their roles, see About the Sample Web Application.