You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Skip to end of banner
Go to start of banner

Navigating Resource Admin

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The Resource Admin application has dedicated pages for managing different resources. Each page has controls and workflows that help streamline the resource management process. In this article, we will take a closer look at these pages and controls, giving you an in-depth overview of how they work and their usage. By exploring these features, you will understand how to make the most of the Resource Admin application for efficient resource management.

When users log in to Resource Admin, the first page they see is the Applications page. This page is a user-friendly interface designed to simplify application management. It provides users with various tabs, views, and controls for interacting with, creating, and updating Azure and non-Azure applications and options for managing any Claims Mapping Policies associated with Azure applications.

Once on the Applications page, users can search for specific applications or Claims Mapping Policies and manage those objects as needed.

Each object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can be used to return all objects matching those values. For applications, SearchTerms encompass the Name, FriendlyName, Description, and MatchingPattern properties, and when used, the search returns all applications where the specified search value finds a match in any of those properties. For example, if the search value is set to “PBAC,” the search would return all the following applications:

  • Any application with a name containing the string “PBAC”

  • Any application with a display name containing the string “PBAC”

  • Any application with a description containing the string “PBAC”

When users select Applications as the resource type, an API call is made to return records for all applications the current user can view. Depending on the number of applications being managed and the access of the user, the amount of records returned can be substantial. To help users easily find the right application or application type, Resource Admin provides several filters that can be used with or without the above mentioned search terms to narrow search options.

Filter

Description

Owned By

This filter provides users with options to list applications based on ownership. Options include:

  • Anybody – View all applications

  • Myself – View only applications owned by the user

  • Someone Else – View only applications owned by the specified person

Users must have the appropriate role assignment to see the Owned By filter.

Azure Applications Only

When selected, this filters non-Azure applications from search results.

Target System

This filter provideds users with options to list only those applications belonging to the selected account store type and/or account store.

  • Select Account Store Type allows you to filter applications to display only those belonging to Account Stores configured with the selected Account Store Type.

  • Select Account Store allows you to filter applications to display only those belonging to the selected Account Store. The filter is used in conjunction with the selected Account Store Type filter to display applications belonging to the selected account store.

Advanced Search

Provides advanced search capabilities to further filter applications.

Each application listed in Resource Admin has a record that provides users with context for interacting with the application. Each application record has a Details link that directs users to the Details view for the selected application. The view provides a number of tabs that users can navigate to review and manage information about the application. The information and management functions available for the application varies based on whether the application is an Azure app, a PBAC app with app rights assignments, or a simple non-Azure and non-PBAC application. For example, Azure applications records include a contextual workflow button {⚙️} that users with the appropriate access can click to initiate either the “Manage Azure Application Wizard” or the “Update Azure Applications API Permissions” workflows. PBAC apps and other types of non-Azure apps do not.

Clicking the Details button for an Azure application directs users to the Overview page. This page provides access to more in-depth information about the application with navigable tabs for managing aspects of it.

Azure Application Tab

Function Access

The Client Secrets tab grants access to view and manage client secrets for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app secrets

  • Request access to app secrets

  • Check out app secrets

  • Add new client secrets

  • Delete existing client secrets

  • Run the Manage Credential Wizard workflow

The Client Certificates tab grants access to view and manage client certificates for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app secrets

  • Request access to app secrets

  • Check out app secrets

  • Add new client secrets

  • Delete existing client secrets

  • Run the Manage Credential Wizard workflow

The Scopes tab grants access to view and manage scopes for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing scopes

  • Add new scopes to the application

  • Delete existing scopes from the application

The API Permissions tab grants access to view and manage the delegated and applications permissions for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing API permissions

  • Add new API permissions to the application

  • Delete existing API permissions from the application

The Token Configurations tab grants access to view and manage the claims for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing claims

  • Add claims to the application

  • Remove claims from the application

The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app rights

  • Create new app rights for the application

  • Delete app rights from the application

  • View app right assignments

  • Assign app rights to users

  • Remove app rights from users

  • View people with app rights to the application

The Role Definitions tab grants access to view and manage app role definitions for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app role definitions

  • Create app role definitions for the application

  • Delete app role definitions from the application

  • View app role assignments

  • Assign app roles to users

  • Remove app roles from users

  • View people with app roles

The Role Definitions tab grants access to view and manage App Management Roles for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app Management Roles

  • Create app Management Roles

  • Delete app Management Roles

  • View people assigned to the Management Roles as members

  • View direct access granted to the Management Roles

  • View total acces granted to the Management Roles

The Actions tab grants access to contextual workflows related to the selected application tab. For example, when on the Overview tab, the Actions tab displays links to initiate the Manage Azure Application Wizard and the Update Azure Application API Permissions workflows, whereas when on the Client Secrets tab, the Actions tab displays links to intitiate the Delete Azure Application Client Secrets workflow.

The following contextual actions are available to delegated users:

Group Usage Types

  • Overview Actions

The Client Secrets tab grants access to view and manage client secrets for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app secrets

  • Request access to app secrets

  • Check out app secrets

  • Add new client secrets

  • Delete existing client secrets

  • Run the Manage Credential Wizard workflow

The Client Certificates tab grants access to view and manage client certificates for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing app certificates

  • Request access to app certificates

  • Check out app certificates

  • Add new client certificates

  • Delete existing client certificates

  • Run the Manage Credential Wizard workflow

The Scopes tab grants access to view and manage scopes for Azure applications.

The following functionality is available to delegated users from this tab:

  • View detailed information about existing scopes

  • Add new scopes to the application

  • Delete scopes from the application

The API Permissions tab grants access to view and manage scopes for Azure applications.

As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page for the application. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.

  1. View Existing Applications: The page displays a grid of all applications the currently logged-in user has access to view. Each application's record provides key information at a glance, including the application name, resource system, and responsible party.

  2. Interact with Applications: Users can interact directly with each application from its record. Clicking on the Details button for that record will reveal more information and provide options for managing that specific application. Additionally, each record includes a contextual workflow button {⚙️} that users can interact with to initiate certain workflows, such as the “Manage Azure Application Wizard” workflow or the “Update Azure Applications API Permissions” workflow.

  3. Create New Applications: The page features a “Workflows” tab, which provides users access to the application-specific workflows to which they have the access to initiate. One of these workflows is the “Onboard Azure Application” workflow, which guides users through the process of registering a new Azure application in an Azure tenant.

  4. Update Applications: Users can easily update various aspects of an application by running one of the application-specific workflows available on the Workflows tab. This allows for easy maintenance and ensures that all application information stays current.

  5. View Claims Mapping Policies: The page also displays a secondary grid of any Claims Mapping Policies in the system. Each policy's record provides key information at a glance, including the policy name, resource system, and whether the policy includes a basic claim set.

  6. Interact with Claims Mapping Policies: To manage Claims Mapping Policies, users can click on the Details button for a specific record and access extra information and options. These options include adding or removing claims, as well as assigning or unassigning applications to or from the policy. Users can also use the contextual workflow button (represented by a gear ⚙️ icon) to initiate the "Manage Claims Mapping Policy" or "Applications API Permissions" workflow.

Users can filter the applications appearing in the gi

After accessing the Applications page, users can search for applications from the Applications List or for Claims Mapping Policies. By default, the page opens with the Applications List selected and populates the page’s grid with records of all applications the current user has access to see.

If a user knows the

  • No labels