Applications Page

Upon logging into Resource Admin, users are taken directly to the Applications page. This interface streamlines application management by offering tabs, views, and controls for interacting with, creating, and updating both Azure and non-Azure applications. It also includes functionality for managing Claims Mapping Policies related to Azure applications.

 

Features Available on the Applications Page

Upon navigating to the Applications page, users have the capability to search for specific applications and Claims Mapping Policies based on defined criteria and manage these objects as necessary.

Searching for Applications

In the EmpowerID Identity Warehouse, each object is associated with a 'SearchTerms' property. This property contains specific search values, enabling users to retrieve all objects that match these criteria. For applications, 'SearchTerms' encompasses the 'Name', 'FriendlyName', 'Description', and 'MatchingPattern' properties. Utilizing these search terms returns all applications where the specified search value finds a match in any of those properties.

For instance, setting the search value to 'PBAC' yields applications fulfilling any of these conditions:

  • Any application with a name containing the string “PBAC.”

  • Any application with a display name including the string “PBAC.”

  • Any application with a description featuring the string “PBAC.”

This enhanced search functionality ensures users can effectively and efficiently locate and manage applications within the Resource Admin interface.

 

Application Search Filters

To assist in navigating a potentially large number of records, Resource Admin also provides various filters. These filters can be used alongside the search terms for a more focused and granular search experience.

Filter

Description

Owned By

This filter provides users with options to list applications based on ownership. Options include:

  • Anybody – View all applications

  • Myself – View only applications owned by the user

  • Someone Else – View only applications owned by the specified person

Users must have the appropriate role assignment to see the Owned By filter.

Azure Applications Only

When selected, this filter excludes non-Azure applications from search results.

Target System

This filter provides users with options to list only those applications belonging to the selected account store type and/or account store.

  • Select Account Store Type allows you to filter applications to display only those belonging to Account Stores configured with the selected Account Store Type.

  • Select Account Store allows you to filter applications to display only those belonging to the selected Account Store. The filter is used in conjunction with the selected Account Store Type filter to display applications belonging to the selected account store.

 

Advanced Search

Provides advanced search capabilities to further filter applications.

Interacting with Applications

Each application listed in Resource Admin is represented by a detailed record, providing users with essential context for interaction. By selecting the 'Details' link in an application record, users are directed to a Details view. This view hosts a variety of tabs, allowing users to navigate through different sections to review and manage specific information about the application. The nature of this information and the available management functions vary depending on the application type. For instance, Azure applications feature additional tabs such as 'Access Control' and 'API Permissions', and include a contextual workflow button for initiating specialized workflows like the 'Manage Azure Application Wizard' or 'Update Azure Applications API Permissions'. On the other hand, PBAC apps with app rights assignments might offer different management options, while simple non-Azure and non-PBAC applications could provide basic functionality such as viewing and editing basic settings.

 

 

Clicking the Details button for an Azure application directs users to the Overview page. This page provides access to more in-depth information about the application with navigable tabs for managing aspects of it.


Client Secrets

The Client Secrets tab grants access to view and manage client secrets for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing app secrets

  • Request access to app secrets

  • Check out app secrets

  • Add new client secrets

  • Delete existing client secrets

  • Run the Manage Credential Wizard workflow

 


Client Certificates

The Client Certificates tab grants access to view and manage client certificates for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing app certificates

  • Request access to app certificates

  • Check out app certificates

  • Add new client certificates

  • Delete existing client certificates

  • Run the Manage Credential Wizard workflow

 

Scopes

The Scopes tab grants access to view and manage scopes for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing scopes

  • Add new scopes to the application

  • Delete scopes from the application

 

API Permissions

The API Permissions tab grants access to view and manage the delegated and application permissions for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing API permissions

  • Add new API permissions to the application

  • Delete existing API permissions from the application

 

Token Configurations

The Token Configurations tab grants access to view and manage the claims for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing claims

  • Add claims to the application

  • Remove claims from the application

 

App Rights (Azure “App Roles”)

The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications. The following functionality is available to delegated users from this tab:

  • View detailed information about existing app rights

  • Create new app rights for the application

  • Delete app rights from the application

  • View app right assignments

  • Assign app rights to users

  • Remove app rights from users

  • View people with app rights to the application

 

Role Definitions

The Role Definitions tab grants access to view and manage app role definitions for Azure applications. The following functionality is available from this tab:

  • View detailed information about existing app role definitions

  • Create app role definitions for the application

  • Delete app role definitions from the application

  • View app role assignments

  • Assign app roles to users

  • Remove app roles from users

  • View people with app roles

 

 

App Management Roles

In the 'App Management Roles' tab, users with the necessary permissions can comprehensively manage App Management Roles specific to Azure applications. The functionalities available in this tab include:

  • View Detailed Information About Existing App Management Roles: This feature allows users to access in-depth details about each Management Role, including its scope, associated permissions, and configuration.

  • Create App Management Roles: Users can create new Management Roles, tailoring them to specific needs and requirements within the Azure application environment.

  • Delete App Management Roles: This option provides the ability to remove existing Management Roles that are no longer required, ensuring a streamlined and relevant role structure.

  • View People Assigned to Management Roles as Members: Administrators can view a list of individuals who are assigned to each Management Role, offering insights into role distribution and user responsibilities.

  • View Direct Access Granted to the Management Roles: This functionality shows the specific access rights directly granted to each Management Role, helping in understanding their direct influence within the Azure environment.

  • View Total Access Granted to the Management Roles: Users can see the cumulative access privileges of each Management Role, including both direct and indirect access rights, for a complete overview of role-based access within the application.

 

Actions

The 'Actions' tab within the Resource Admin system is designed to offer a dynamic and context-sensitive user experience. Depending on the application tab selected, it presents relevant workflows that align with the current focus of the user. For instance:

  • When on the 'Overview' tab, the 'Actions' tab provides links to initiate workflows like the 'Manage Azure Application Wizard' and the 'Update Azure Application API Permissions'. These workflows are tailored to provide comprehensive management and configuration capabilities for the Azure application.

  • Conversely, when the user navigates to the 'Client Secrets' tab, the 'Actions' tab adapts to display links for specific workflows such as the 'Delete Azure Application Client Secrets'. This ensures that users have immediate access to pertinent actions related to client secrets management.

This adaptive approach streamlines workflow initiation, making it more intuitive and efficient by presenting users with options that are directly relevant to their current task or area of focus within the application.

 

Claims Mapping Policies (CMP) in Azure AD are essential for controlling the identity information sent to an application during user sign-in. To manage these policies in your organization, the 'Claims Mapping Policies' tab is your go-to resource. This tab is specifically available for Azure apps and offers various search filters to facilitate easy management and retrieval of CMPs.

 

Claims Mapping Policies Search Filters

In managing CMPs, search filters play a crucial role in simplifying the search process. Multiple filters can be used for more granular searching.

Filter

Description

Target System

This filter provides users with options to list only those Claims Mapping Policies belonging to applications in the selected account store type and/or account store.

  • Select Account Store Type allows you to filter Claims Mapping Policies to display only those belonging to Account Stores configured with the selected Account Store Type.

  • Select Account Store allows you to filter Claims Mapping Policies to display only those belonging to the selected Account Store. The filter is used in conjunction with the selected Account Store Type filter to display Claims Mapping Policies belonging to the selected account store.

 

Include Basic Claim Set

This filter provides users with options to list Claims Mapping Policies meeting the following criteria:

  • All – Returns all Claims Mapping Policies

  • Yes – Returns Claims Mapping Policies that have a basic claim set

  • No – Returns Claims Mapping Policies that do not have a basic claim set

Advanced Search

Provides advanced search capabilities to further filter Claims Mapping Policies.
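
The following is an added example, not EmpowerID code: a small offline audit that applies the same All / Yes / No "Include Basic Claim Set" selection to exported policies and lists the claims each policy emits. It assumes records shaped like Microsoft Graph claimsMappingPolicy objects (a displayName plus a definition list of JSON strings); the sample records and function names are constructed for illustration.

```python
import json

# Constructed sample records (assumption: shaped like Microsoft Graph
# claimsMappingPolicy objects: displayName + 'definition' list of JSON strings).
SAMPLE_POLICIES = [
    {"displayName": "HR app claims (constructed)",
     "definition": [json.dumps({"ClaimsMappingPolicy": {
         "Version": 1, "IncludeBasicClaimSet": "true",
         "ClaimsSchema": [{"Source": "user", "ID": "employeeid",
                           "JwtClaimType": "employeeid"}]}})]},
    {"displayName": "Minimal SAML claims (constructed)",
     "definition": [json.dumps({"ClaimsMappingPolicy": {
         "Version": 1, "IncludeBasicClaimSet": "false",
         "ClaimsSchema": [{
             "Source": "user", "ID": "userprincipalname",
             "SamlClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}]}})]},
    {"displayName": "Broken policy (constructed)", "definition": ["{not json"]},
]

def summarize(policy):
    """Return name, basic-claim-set flag (True/False/None) and emitted claims."""
    summary = {"name": policy.get("displayName"), "basic": None, "claims": []}
    for raw in policy.get("definition", []):
        try:
            body = json.loads(raw)["ClaimsMappingPolicy"]
        except (ValueError, KeyError, TypeError):
            continue  # unparseable definition: 'basic' stays None for review
        flag = str(body.get("IncludeBasicClaimSet", "")).strip().lower()
        summary["basic"] = {"true": True, "false": False}.get(flag)
        for entry in body.get("ClaimsSchema", []):
            emitted = entry.get("JwtClaimType") or entry.get("SamlClaimType")
            summary["claims"].append((entry.get("Source"), entry.get("ID"), emitted))
    return summary

def filter_by_basic_claim_set(policies, choice="All"):
    """Mirror the All / Yes / No filter options described above."""
    wanted = {"All": None, "Yes": True, "No": False}[choice]
    rows = [summarize(p) for p in policies]
    return rows if wanted is None else [r for r in rows if r["basic"] is wanted]

def unparseable(policies):
    """Names of policies whose definition could not be read."""
    return [r["name"] for r in map(summarize, policies) if r["basic"] is None]

if __name__ == "__main__":
    for option in ("All", "Yes", "No"):
        print(option, [r["name"] for r in filter_by_basic_claim_set(SAMPLE_POLICIES, option)])
    print("needs review:", unparseable(SAMPLE_POLICIES))
```

Policies reported by `unparseable` match neither Yes nor No, so they only appear under All and are worth reviewing by hand.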

As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.

 

PBAC Assignments

The 'PBAC Assignments' tab is a crucial feature for administrators managing PBAC applications, allowing them to oversee PBAC Definition assignments effectively. Within this tab, users with appropriate permissions have access to the following functionalities:

  • Assign Role Definitions: Users can assign specific Role Definitions to individuals or groups within the application, tailoring access control according to organizational requirements.

  • Delete Role Definitions: This functionality enables the removal of existing Role Definitions, an essential aspect of maintaining up-to-date and relevant access controls.

  • View People with Role Definition Assignments: Administrators can view a list of individuals who have been assigned specific Role Definitions, offering clarity and oversight on who has access to certain application functionalities.

  • Edit the Role Definition Assignments for People: This feature allows for the modification of existing Role Definition assignments, ensuring that access rights remain aligned with the current roles and responsibilities of individuals.

 

PBAC Definitions

In the 'PBAC Definitions' tab, users have access to a range of functionalities for comprehensive management of PBAC Definition assignments in PBAC applications. These include:

  • App Rights:

    • View detailed information about existing App Rights.

    • Create new App Rights for specific applications.

    • Delete App Rights from the application.

    • Assign specific App Rights to roles or users.

  • App Role Definitions:

    • View detailed information about existing App Role Definitions.

    • Create new App Role Definitions to streamline access control.

    • Delete App Role Definitions as needed.

    • Add or Remove App Rights to/from these definitions for precise role management.

  • App Management Roles:

    • Create and Delete App Management Roles, enabling customized role-based access management within applications.

  • PBAC Resource Types:

    • Create, Edit, and Delete Resource Types, allowing for the customization and fine-tuning of resource-based access controls.

 

Application Workflows Page

The 'Workflows' page in the Resource Admin system is a dedicated page where authorized users can access and manage a variety of workflows related to applications. This page is designed to provide a centralized location for overseeing application-specific processes, ranging from onboarding Azure applications and Claims Mapping Policies to configuration and update procedures. The image provided below offers a visual representation of the types of workflows available.