Creating Tracking-Only Apps
When your organization uses internal resources not inventoried by EmpowerID, such as a third-party software application, you can create a tracking-only application in EmpowerID to represent those resources. This allows you to implement internal access controls to manage and track who has access to what applications in your environment. You control and track access to these type of applications through the use of a special type of account store internal to EmpowerID, known as "tracking-only" account store. Each tracking-only account store has a one-to-one relationship with a specific tracking-only app.
To create a tracking-only application in EmpowerID
- In the navigation sidebar, expand Applications and click Manage Applications.
- From the Actions pane of the Application page, click the Create Application action.
This opens the Application Details form, which contains various tabs and fields for creating the application. - From the General tab of the Application Details form, do the following:
- Enter a name for the application in the Name, Display Name and Description fields.
- Optionally, specify the path to a custom icon you want to use for the application.
Select Allow Access Requests to show the application in the IT Shop, allowing users to request an account when Allow Request Account is selected.
Select Allow Claim Account to allow users to claim their existing accounts and gain instant access after passing the requisite identity proofs.
Select Allow Request Account and Allow Access Requests to allow users to request an account in the application.
Clear Login Is Email Address (Receive OTP to Claim). This setting is not required for tracking-only applications as it is used for identity proofing against applications that require user credentials.
Select Make me the Application Owner to manage the application and approve or deny access requests.
If you have custom pages and workflows configured that process access requests and manage accounts linked to the application's account directory in EmpowerID, select Configure Advanced Claim and Request Account Options and provide the appropriate advanced configuration information.
Click the Users tab and select the Create a New Account Directory checkbox to generate a tracking-only account store for the application. When users are granted accounts in the application, EmpowerID adds those accounts to the tracking-only account store, linking them to their EmpowerID Person.
Click the Add to Cart button, and click the My Cart link located at the top of the page.
In the Cart dialog that appears enter a reason for creating the application and then click Submit.
To request and approve an application account
Log in to the EmpowerID Web application as a person needing an account for the application you just created.
To access the IT Shop to request an application account, a person must have either the IT Shop Limited Access or IT Shop Full Access Management Role.
For information on assigning Management Roles to people, see Assigning Management Roles.
- In the Navigation Sidebar, expand Applications and click Request Access.
- From the Request Access page, search for the application, click the Request Access link for that application and then click Request New Account.
- Click the Shopping Cart located at the top of the page and in the Cart Dialog that appears, enter a reason for the request and then click Submit.
EmpowerID routes the request to the application owner. - To approve the request, log in the EmpowerID Web application as the application owner.
- In the Navigation Sidebar, expand Tasks and Requests, then Workflow Tasks, and click Tasks To Do to see the request for an application account.
- From the widget, click the link for the request.
This directs you to the Task Details page for the request. From this page, you can view information about the task and initiate the approval process. - From the Task Details page, click the View Approval Form link and on the Approval form, click Approve.
The status of the request updates to Approved.