When users log in to Resource Admin, the first page they see is the Applications page. This page is a user-friendly interface designed to simplify application management. It provides users with various tabs, views, and controls for interacting with, creating, and updating Azure and non-Azure applications and options for managing any Claims Mapping Policies associated with Azure applications.
Once on the Applications page, users can search for specific applications or Claims Mapping Policies and manage those objects as needed.
Searching for Applications
Each object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can be used to return all objects matching those values. For applications, SearchTerms encompass the Name, FriendlyName, Description, and MatchingPattern properties, and when used, the search returns all applications where the specified search value finds a match in any of those properties. For example, if the search value is set to “PBAC,” the search would return all the following applications:
Any application with a name containing the string “PBAC”
Any application with a display name containing the string “PBAC”
Any application with a description containing the string “PBAC”
Application Search Filters
When users select Applications as the resource type, an API call is made to return records for all applications the current user can view. The number of records returned can be substantial depending on the number of managed applications and the user's access. To help users easily find the right application or application type, Resource Admin provides several filters that can be used with or without the above-mentioned search terms to narrow search options. Multiple filters can be used for more granular searching.
Filter | Description |
---|---|
Owned By | This filter provides users with options to list applications based on ownership. Options include:
Users must have the appropriate role assignment to see the |
Azure Applications Only | When selected, this filters non-Azure applications from search results. |
Target System | This filter provides users with options to list only those applications belonging to the selected account store type and/or account store. |
Advanced Search | Provides advanced search capabilities to further filter applications. |
Interacting with Applications
Each application listed in Resource Admin has a record that provides users with context for interacting with the application. Each application record has a Details link that directs users to the Details view for the selected application. The view provides a number of tabs that users can navigate to review and manage information about the application. The information and management functions available for the application vary based on whether the application is an Azure app, a PBAC app with app rights assignments, or a simple non-Azure and non-PBAC application. For example, Azure application records include a contextual workflow button {⚙️} that users with the appropriate access can click to initiate either the “Manage Azure Application Wizard” or the “Update Azure Applications API Permissions” workflows.
Clicking the Details button for an Azure application directs users to the Overview page. This page provides access to more in-depth information about the application with navigable tabs for managing aspects of it.
Client Secrets
The Client Secrets tab grants access to view and manage client secrets for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing app secrets
Request access to app secrets
Check out app secrets
Add new client secrets
Delete existing client secrets
Run the Manage Credential Wizard workflow
Client Certificates
The Client Certificates tab grants access to view and manage client certificates for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing app certificates
Request access to app certificates
Check out app certificates
Add new client certificates
Delete existing client certificates
Run the Manage Credential Wizard workflow
Scopes
The Scopes tab grants access to view and manage scopes for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing scopes
Add new scopes to the application
Delete scopes from the application
API Permissions
The API Permissions tab grants access to view and manage the delegated and application permissions for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing API permissions
Add new API permissions to the application
Delete existing API permissions from the application
Token Configurations
The Token Configurations tab grants access to view and manage the claims for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing claims
Add claims to the application
Remove claims from the application
App Rights (Azure “App Roles”)
The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing app rights
Create new app rights for the application
Delete app rights from the application
View app right assignments
Assign app rights to users
Remove app rights from users
View people with app rights to the application
Role Definitions
The Role Definitions tab grants access to view and manage app role definitions for Azure applications.
The following functionality is available from this tab:
View detailed information about existing app role definitions
Create app role definitions for the application
Delete app role definitions from the application
View app role assignments
Assign app roles to users
Remove app roles from users
View people with app roles
App Management Roles
The App Management Roles tab grants access to view and manage App Management Roles for Azure applications.
The following functionality is available from this tab:
View detailed information about existing app Management Roles
Create app Management Roles
Delete app Management Roles
View people assigned to Management Roles as members
View direct access granted to the Management Roles
View total access granted to the Management Roles
Actions
The Actions tab grants access to contextual workflows related to the selected application tab. For example, when on the Overview tab, the Actions tab displays links to initiate the Manage Azure Application Wizard and the Update Azure Application API Permissions workflows, whereas when on the Client Secrets tab, the Actions tab displays links to initiate the Delete Azure Application Client Secrets workflow.
Claims Mapping Policies (CMP) are used in Azure AD to control and manage the identity information sent to an application when a user signs in. If your organization uses CMP with your applications, you can manage them by selecting the Claims Mapping Policies tab. This tab only appears for Azure apps.
Claims Mapping Policies Search Filters
As with Azure applications, users can employ search filters for Claims Mapping Policies. Multiple filters can be used for more granular searching.
Filter | Description |
---|---|
Target System | This filter provides users with options to list only those Claims Mapping Policies belonging to applications in the selected account store type and/or account store. |
Include Basic Claim Set | This filter provides users with options to list Claims Mapping Policies meeting the following criteria: |
Advanced Search | Provides advanced search capabilities to further filter Claims Mapping Policies. |
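
To make concrete what a Claims Mapping Policy sends to an application and what an "Include Basic Claim Set" filter separates, the following added example (not EmpowerID code) summarizes policies for review. It assumes records shaped like Microsoft Graph claimsMappingPolicy objects, whose definition field holds the policy as a JSON string; the sample policies, the function names, and the true/false filter behavior are constructed for illustration.

```python
import json

# Constructed sample records shaped like Microsoft Graph claimsMappingPolicy
# objects. All display names and claim mappings are made up for illustration.
SAMPLE_POLICIES = [
    {"displayName": "HR portal claims",
     "definition": ['{"ClaimsMappingPolicy":{"Version":1,'
                    '"IncludeBasicClaimSet":"true","ClaimsSchema":['
                    '{"Source":"user","ID":"employeeid","JwtClaimType":"employeeid"},'
                    '{"Source":"user","ID":"department","JwtClaimType":"dept"}]}}']},
    {"displayName": "Minimal SAML claims",
     "definition": ['{"ClaimsMappingPolicy":{"Version":1,'
                    '"IncludeBasicClaimSet":"false","ClaimsSchema":['
                    '{"Source":"user","ID":"userprincipalname","SamlClaimType":'
                    '"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}]}}']},
    {"displayName": "Broken policy", "definition": ["{not json"]},
]


def summarize_policy(policy):
    """Return what one policy sends to the application at sign-in."""
    summary = {"name": policy.get("displayName", ""), "basic_claim_set": None,
               "claims": [], "errors": []}
    for raw in policy.get("definition", []):
        try:
            body = json.loads(raw)["ClaimsMappingPolicy"]
        except (ValueError, KeyError, TypeError) as exc:
            # Keep going: an unreadable policy is itself a review finding.
            summary["errors"].append(f"unparseable definition: {exc}")
            continue
        # The flag is normally the string "true"/"false"; accept a bool too.
        flag = body.get("IncludeBasicClaimSet", "false")
        summary["basic_claim_set"] = str(flag).lower() == "true"
        for entry in body.get("ClaimsSchema", []):
            emitted = entry.get("JwtClaimType") or entry.get("SamlClaimType")
            source = f'{entry.get("Source", "?")}.{entry.get("ID", "?")}'
            summary["claims"].append((source, emitted))
    return summary


def filter_by_basic_claim_set(policies, include):
    """Hypothetical filter: names of policies whose flag equals `include`."""
    return [s["name"] for s in map(summarize_policy, policies)
            if s["basic_claim_set"] is include]


if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(summarize_policy(p))
```

Policies whose definition cannot be parsed are reported with an error and match neither filter value, so they surface for manual review instead of being silently counted.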
As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.
PBAC Assignments
The PBAC Assignments tab grants access to view and manage PBAC Definition assignments for PBAC applications.
The following functionality is available from this tab:
Assign Role Definitions
Delete Role Definitions
View people with Role Definition assignments for the application
Edit the Role Definition assignments for people
PBAC Definitions
The PBAC Assignments tab grants access to view and manage PBAC Definition assignments for PBAC applications.
The following functionality is available from this tab:
App Rights
View detailed information about existing App Rights
Create App Rights
Delete App Rights from the application
Assign App Rights
App Role Definitions
View detailed information about existing App Role Definitions
Create App Role Definitions
Delete App Role Definitions
Add App Rights to App Role Definitions
Remove App Rights from App Role Definitions
App Management Roles
Create App Management Roles
Delete App Management Roles
PBAC Resource Types
Create Resource Types
Edit Resource Types
Delete Resource Types