Upon logging into Resource Admin, users are directly taken to the Applications page. This user-friendly interface streamlines application management by offering tabs, views, and controls for interacting with, creating, and updating both Azure and non-Azure applications. It also includes functionalities for managing Claims Mapping Policies related to Azure applications.
Once on the Applications page, users can search for specific applications or Claims Mapping Policies and manage those objects as needed.
Searching for Applications
In the EmpowerID Identity Warehouse, each object possesses a 'SearchTerms' property. This property contains specific search values, enabling users to retrieve all objects that match these criteria. For applications, 'SearchTerms' encompasses the 'Name', 'FriendlyName', 'Description', and 'MatchingPattern' properties. Utilizing these search terms returns all applications where the specified search value finds a match in any of those properties.
For instance, setting the search value to 'PBAC' yields applications fulfilling any of these conditions:
Any application with a name containing the string “PBAC.”
Any application with a display name including the string “PBAC.”
Any application with a description featuring the string “PBAC.”
This enhanced search functionality ensures users can effectively and efficiently locate and manage applications within the Resource Admin interface.
Application Search Filters
To assist in navigating a potentially large number of records, Resource Admin also provides various filters. These filters can be used alongside the search terms for a more focused and granular search experience.
Filter | Description |
---|---|
Owned By | This filter provides users with options to list applications based on ownership. Options include:
Users must have the appropriate role assignment to see the |
Azure Applications Only | When selected, this excludes non-Azure applications from search results. |
Target System | This filter provides users with options to list only those applications belonging to the selected account store type and/or account store. |
Advanced Search | Provides advanced search capabilities to further filter applications. |
Interacting with Applications
Each application listed in Resource Admin is represented by a detailed record, providing users with essential context for interaction. By selecting the 'Details' link in an application record, users are directed to a Details view. This view hosts a variety of tabs, allowing users to navigate through different sections to review and manage specific information about the application. The nature of this information and the available management functions vary depending on the application type. For instance, Azure applications feature additional tabs such as 'Access Control' and 'API Permissions', and include a contextual workflow button for initiating specialized workflows like the 'Manage Azure Application Wizard' or 'Update Azure Applications API Permissions'. On the other hand, PBAC apps with app rights assignments might offer different management options, while simple non-Azure and non-PBAC applications could provide basic functionality such as viewing and editing basic settings.
Clicking the Details button for an Azure application directs users to the Overview page. This page provides access to more in-depth information about the application with navigable tabs for managing aspects of it.
Client Secrets
The Client Secrets tab grants access to view and manage client secrets for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing app secrets
Request access to app secrets
Check out app secrets
Add new client secrets
Delete existing client secrets
Run the Manage Credential Wizard workflow
Client Certificates
The Client Certificates tab grants access to view and manage client certificates for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing app certificates
Request access to app certificates
Check out app certificates
Add new client certificates
Delete existing client certificates
Run the Manage Credential Wizard workflow
Scopes
The Scopes tab grants access to view and manage scopes for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing scopes
Add new scopes to the application
Delete scopes from the application
API Permissions
The API Permissions tab grants access to view and manage the delegated and application permissions for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing API permissions
Add new API permissions to the application
Delete existing API permissions from the application
Token Configurations
The Token Configurations tab grants access to view and manage the claims for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing claims
Add claims to the application
Remove claims from the application
App Rights (Azure “App Roles”)
The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications. The following functionality is available to delegated users from this tab:
View detailed information about existing app rights
Create new app rights for the application
Delete app rights from the application
View app right assignments
Assign app rights to users
Remove app rights from users
View people with app rights to the application
Role Definitions
The Role Definitions tab grants access to view and manage app role definitions for Azure applications. The following functionality is available from this tab:
View detailed information about existing app role definitions
Create app role definitions for the application
Delete app role definitions from the application
View app role assignments
Assign app roles to users
Remove app roles from users
View people with app roles
App Management Roles
In the 'App Management Roles' tab, users with the necessary permissions can comprehensively manage App Management Roles specific to Azure applications. The functionalities available in this tab include:
View Detailed Information About Existing App Management Roles: This feature allows users to access in-depth details about each Management Role, including its scope, associated permissions, and configuration.
Create App Management Roles: Users can create new Management Roles, tailoring them to specific needs and requirements within the Azure application environment.
Delete App Management Roles: This option provides the ability to remove existing Management Roles that are no longer required, ensuring a streamlined and relevant role structure.
View People Assigned to Management Roles as Members: Administrators can view a list of individuals who are assigned to each Management Role, offering insights into role distribution and user responsibilities.
View Direct Access Granted to the Management Roles: This functionality shows the specific access rights directly granted to each Management Role, helping in understanding their direct influence within the Azure environment.
View Total Access Granted to the Management Roles: Users can see the cumulative access privileges of each Management Role, including both direct and indirect access rights, for a complete overview of role-based access within the application.
Actions
The 'Actions' tab within the Resource Admin system is designed to offer a dynamic and context-sensitive user experience. Depending on the application tab selected, it presents relevant workflows that align with the current focus of the user. For instance:
When on the 'Overview' tab, the 'Actions' tab provides links to initiate workflows like the 'Manage Azure Application Wizard' and the 'Update Azure Application API Permissions'. These workflows are tailored to provide comprehensive management and configuration capabilities for the Azure application.
Conversely, when the user navigates to the 'Client Secrets' tab, the 'Actions' tab adapts to display links for specific workflows such as the 'Delete Azure Application Client Secrets'. This ensures that users have immediate access to pertinent actions related to client secrets management.
This adaptive approach streamlines workflow initiation, making it more intuitive and efficient by presenting users with options that are directly relevant to their current task or area of focus within the application.
Claims Mapping Policies (CMP) in Azure AD are essential for controlling the identity information sent to an application during user sign-in. To manage these policies in your organization, the 'Claims Mapping Policies' tab is your go-to resource. This tab is specifically available for Azure apps and offers various search filters to facilitate easy management and retrieval of CMPs.
Claims Mapping Policies Search Filters
In managing CMPs, search filters play a crucial role in simplifying the search process. Multiple filters can be used for more granular searching.
Filter | Description |
---|---|
Target System | This filter provides users with options to list only those Claims Mapping Policies belonging to applications in the selected account store type and/or account store. |
Include Basic Claim Set | This filter provides users with options to list Claims Mapping Policies meeting the following criteria: |
Advanced Search | Provides advanced search capabilities to further filter Claims Mapping Policies. |
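The following added example is not EmpowerID code. It shows, offline, what a Claims Mapping Policy carries and how the Include Basic Claim Set value separates policies when reviewing which identity attributes each one releases. It assumes the Azure AD policy definition layout (a `definition` list holding one JSON string with `ClaimsMappingPolicy`, `IncludeBasicClaimSet` and `ClaimsSchema`); the policy names, claims and function names are constructed for illustration.

```python
import json

# Constructed sample policies (names and claims are illustrative only).
# Assumption: each policy's "definition" holds one JSON-encoded string.
SAMPLE_POLICIES = [
    {"displayName": "HR-App-Claims (constructed)",
     "definition": [json.dumps({"ClaimsMappingPolicy": {
         "Version": 1, "IncludeBasicClaimSet": "true",
         "ClaimsSchema": [
             {"Source": "user", "ID": "employeeid", "JwtClaimType": "employeeid"},
         ]}})]},
    {"displayName": "Partner-App-Claims (constructed)",
     "definition": [json.dumps({"ClaimsMappingPolicy": {
         "Version": 1, "IncludeBasicClaimSet": "false",
         "ClaimsSchema": [
             {"Source": "user", "ID": "userprincipalname",
              "SamlClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"},
             {"Source": "user", "ID": "department", "JwtClaimType": "dept"},
         ]}})]},
]


def summarize_policy(policy):
    """Return (name, includes_basic_claim_set, sorted source attribute IDs)."""
    body = json.loads(policy["definition"][0])["ClaimsMappingPolicy"]
    raw = body.get("IncludeBasicClaimSet")
    if raw is None:
        includes_basic = None          # flag absent: report as unknown
    elif isinstance(raw, bool):
        includes_basic = raw
    else:                              # usually serialized as "true"/"false"
        includes_basic = str(raw).strip().lower() == "true"
    ids = sorted(c.get("ID", "<no source ID>") for c in body.get("ClaimsSchema", []))
    return policy["displayName"], includes_basic, ids


def filter_by_basic_claim_set(policies, include_basic):
    """Keep only policies whose Include Basic Claim Set flag equals include_basic."""
    return [s for s in map(summarize_policy, policies) if s[1] is include_basic]


if __name__ == "__main__":
    for name, basic, ids in map(summarize_policy, SAMPLE_POLICIES):
        print(f"{name}: basic claim set={basic}, extra attributes={ids}")
```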
As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.
PBAC Assignments
The 'PBAC Assignments' tab is a crucial feature for administrators managing PBAC applications, allowing them to oversee PBAC Definition assignments effectively. Within this tab, users with appropriate permissions have access to the following functionalities:
Assign Role Definitions: Users can assign specific Role Definitions to individuals or groups within the application, tailoring access control according to organizational requirements.
Delete Role Definitions: This functionality enables the removal of existing Role Definitions, an essential aspect of maintaining up-to-date and relevant access controls.
View People with Role Definition Assignments: Administrators can view a list of individuals who have been assigned specific Role Definitions, offering clarity and oversight on who has access to certain application functionalities.
Edit the Role Definition Assignments for People: This feature allows for the modification of existing Role Definition assignments, ensuring that access rights remain aligned with the current roles and responsibilities of individuals.
PBAC Definitions
In the 'PBAC Definitions' tab, users have access to a range of functionalities for comprehensive management of PBAC Definition assignments in PBAC applications. These include:
App Rights:
View detailed information about existing App Rights.
Create new App Rights for specific applications.
Delete App Rights from the application.
Assign specific App Rights to roles or users.
App Role Definitions:
View detailed information about existing App Role Definitions.
Create new App Role Definitions to streamline access control.
Delete App Role Definitions as needed.
Add or Remove App Rights to/from these definitions for precise role management.
App Management Roles:
Create and Delete App Management Roles, enabling customized role-based access management within applications.
PBAC Resource Types:
Create, Edit, and Delete Resource Types, allowing for the customization and fine-tuning of resource-based access controls.
Application Workflows Page
The 'Workflows' page in the Resource Admin system is a dedicated page where authorized users can access and manage a variety of workflows related to applications. This page is designed to provide a centralized location for overseeing application-specific processes, ranging from onboarding Azure applications and Claims Mapping Policies to configuration and update procedures. The image provided below offers a visual representation of the types of workflows available. Whether it's for routine maintenance or complex configuration tasks, the Workflows page serves as a key resource for efficient application management.