The Resource Admin application has dedicated pages for managing different resources. Each page has controls and workflows that help streamline the resource management process. In this article, we will take a closer look at these pages and controls, giving you an in-depth overview of how they work and their usage. By exploring these features, you will understand how to make the most of the Resource Admin application for efficient resource management.
Applications Page
When users log in to Resource Admin, the first page they see is the Applications page. This page is a user-friendly interface designed to simplify application management. It provides users with various tabs, views, and controls for interacting with, creating, and updating Azure and non-Azure applications and options for managing any Claims Mapping Policies associated with Azure applications.
Once on the Applications page, users can search for specific applications or Claims Mapping Policies and manage those objects as needed.
Searching for Applications
Each object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can be used to return all objects matching those values. For applications, SearchTerms encompass the Name, FriendlyName, Description, and MatchingPattern properties, and when used, the search returns all applications where the specified search value finds a match in any of those properties. For example, if the search value is set to “PBAC,” the search would return all the following applications:
Any application with a name containing the string “PBAC”
Any application with a display name containing the string “PBAC”
Any application with a description containing the string “PBAC”
Search Filters
When users select Applications as the resource type, an API call is made to return records for all applications the current user can view. Depending on the number of applications being managed and the access of the user, the number of records returned can be substantial. To help users easily find the right application or application type, Resource Admin provides several filters that can be used with or without the above-mentioned search terms to narrow search options.
Filter | Description |
---|---|
Owned By | This filter provides users with options to list applications based on ownership. Options include:
Users must have the appropriate role assignment to see the |
Azure Applications Only | When selected, this filters non-Azure applications from search results. |
Target System | This filter provides users with options to list only those applications belonging to the selected account store type and/or account store.
|
Advanced Search | Provides advanced search capabilities to further filter applications. |
Interacting with Applications
Each application listed in Resource Admin has a record that provides users with context for interacting with the application. Each application record has a Details link that directs users to the Details view for the selected application. The view provides a number of tabs that users can navigate to review and manage information about the application. The information and management functions available for the application vary based on whether the application is an Azure app, a PBAC app with app rights assignments, or a simple non-Azure and non-PBAC application. For example, Azure application records include a contextual workflow button {⚙️} that users with the appropriate access can click to initiate either the “Manage Azure Application Wizard” or the “Update Azure Applications API Permissions” workflows. PBAC apps and other types of non-Azure apps do not.
Azure Applications
Clicking the Details button for an Azure application directs users to the Overview page. This page provides access to more in-depth information about the application with navigable tabs for managing aspects of it.
Azure Application Tab | Function Access |
---|---|
Client Secrets: The Client Secrets tab grants access to view and manage client secrets for Azure applications. | The following functionality is available to delegated users from this tab:
|
Client Certificates: The Client Certificates tab grants access to view and manage client certificates for Azure applications. | The following functionality is available to delegated users from this tab:
|
Scopes: The Scopes tab grants access to view and manage scopes for Azure applications. | The following functionality is available to delegated users from this tab:
|
API Permissions: The API Permissions tab grants access to view and manage the delegated and application permissions for Azure applications. | The following functionality is available to delegated users from this tab:
|
Token Configurations: The Token Configurations tab grants access to view and manage the claims for Azure applications. | The following functionality is available to delegated users from this tab:
|
App Rights (Azure “App Roles”): The App Rights (Azure “App Roles”) tab grants access to view and manage app rights for Azure applications. | The following functionality is available to delegated users from this tab:
|
Role Definitions: The Role Definitions tab grants access to view and manage app role definitions for Azure applications. | The following functionality is available to delegated users from this tab:
|
App Management Roles: The Role Definitions tab grants access to view and manage App Management Roles for Azure applications. | The following functionality is available to delegated users from this tab:
|
Actions: The Actions tab grants access to contextual workflows related to the selected application tab. For example, when on the Overview tab, the Actions tab displays links to initiate the | The following contextual actions are available to delegated users: Group Usage Types
|
Client Secrets
The Client Secrets tab grants access to view and manage client secrets for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing app secrets
Request access to app secrets
Check out app secrets
Add new client secrets
Delete existing client secrets
Run the Manage Credential Wizard workflow
Client Certificates
The Client Certificates tab grants access to view and manage client certificates for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing app certificates
Request access to app certificates
Check out app certificates
Add new client certificates
Delete existing client certificates
Run the Manage Credential Wizard workflow
Scopes
The Scopes tab grants access to view and manage scopes for Azure applications.
The following functionality is available to delegated users from this tab:
View detailed information about existing scopes
Add new scopes to the application
Delete scopes from the application
API Permissions
The API Permissions tab grants access to view and manage scopes for Azure applications.
Token Configurations
App Rights (Azure “App Roles”)
Role Definitions
App Management Roles
Actions
PBAC Applications
As with Azure applications, clicking the Details button for a PBAC application directs users to the Overview page for the application. This page provides access to more in-depth information about the application and navigable tabs for managing aspects of it.
Overview
PBAC Assignments
PBAC Definitions
PBAC App Resources
Actions
Functionality & Features
View Existing Applications: The page displays a grid of all applications the currently logged-in user has access to view. Each application's record provides key information at a glance, including the application name, resource system, and responsible party.
Interact with Applications: Users can interact directly with each application from its record. Clicking on the Details button for that record will reveal more information and provide options for managing that specific application. Additionally, each record includes a contextual workflow button {⚙️} that users can interact with to initiate certain workflows, such as the “Manage Azure Application Wizard” workflow or the “Update Azure Applications API Permissions” workflow.
Create New Applications: The page features a “Workflows” tab, which provides users access to the application-specific workflows that they have access to initiate. One of these workflows is the “Onboard Azure Application” workflow, which guides users through the process of registering a new Azure application in an Azure tenant.
Update Applications: Users can easily update various aspects of an application by running one of the application-specific workflows available on the Workflows tab. This allows for easy maintenance and ensures that all application information stays current.
View Claims Mapping Policies: The page also displays a secondary grid of any Claims Mapping Policies in the system. Each policy's record provides key information at a glance, including the policy name, resource system, and whether the policy includes a basic claim set.
Interact with Claims Mapping Policies: To manage Claims Mapping Policies, users can click on the Details button for a specific record and access extra information and options. These options include adding or removing claims, as well as assigning or unassigning applications to or from the policy. Users can also use the contextual workflow button (represented by a gear ⚙️ icon) to initiate the "Manage Claims Mapping Policy" or "Applications API Permissions" workflow.
Interacting with the Applications Page
Filtering Applications
Users can filter the applications appearing in the gi
After accessing the Applications page, users can search for applications from the Applications List or for Claims Mapping Policies. By default, the page opens with the Applications List selected and populates the page’s grid with records of all applications the current user has access to see.
Searching for applications
If a user knows the