Configuring Applications for User Account Management

Mar 22, 2015

When you configure an application for SSO, you can also configure some application connectors to enable user account creation and management. When you enable user account management, you can configure settings to create new user accounts automatically or by using a workflow. You must select one or the other option. If you use a workflow, the workflow settings specify the correct number of approvals that are necessary to create user accounts. When all the approvals are received, App Controller creates the user account.

If an application is available for user account management, after you configure the URL and licenses, you click Next to configure the settings for creating user accounts, including workflow settings. If an application is not available for user account management, the check box does not appear when you configure the URL and license information.

After you configure the application to enable user account creation and management, you can synchronize the application accounts with Active Directory. When you synchronize application accounts, App Controller uses the users' Active Directory credentials for SSO to the application.

To configure new user accounts

When you configure an application that allows for user account management, you can have App Controller create the user accounts automatically or you can configure a workflow to have user account creation approved by individuals in your organization.

When you choose to create an account automatically, you can also choose the action to take when the account is no longer needed. For example, if a user is temporarily away from the organization, you can select to disable the account until the user returns. If a user has left the organization permanently, you can select to delete the account.

  1. In the App Controller management console, click Apps & Docs at the top of the page.
  2. Under APPS, click Web and SaaS.
  3. In the detail pane, click the plus (+) sign and then select a SAML application from the catalog.
  4. On the first page of the Configure App dialog box, configure the application settings, select Enable user management for provisioning and then click Next.
  5. On the second page of the Configure App dialog box, do the following:
    1. Under Service account, in User name and Password, enter the application service account credentials.

      The service account is the administrator account for the application.

    2. To create user accounts automatically, under User Accounts, select Create account automatically and then in When user entitlement ends, select from the options in the list.
  6. Click Next.
  7. On the User Names page of the Configure App dialog box, do the following:
    1. Under User Name Rule, in User attribute, select the parameter for creating the user account.

      For example, select Last name. The default parameter is Email address.

    2. In Length (characters), select the length for the user account.

      For example, if you select 7, the user name is the first seven letters of the user's last name. The default setting is All. When you select these two parameters, the Rule field populates automatically.

    3. Under Password Requirement, select the required password length.
    4. Under Password Expiration, in Validity (days), set the number of days the password is valid.
    5. Select Automatically reset password after it expires to allow users to reset their passwords.
  8. Click Next to configure the workflow settings.

To configure workflow settings

  1. On the Workflow page of the Configure App dialog box, click Requires Approval if you want to use a workflow to approve new user accounts.
  2. Select Create new workflow or select an existing workflow.
  3. If you are creating a new workflow, in Workflow name, enter a name for the new workflow.
  4. Optionally, in Description, describe the workflow purpose and then click Next.
  5. Under Manager Approvals, next to Levels of manager approval, select the number of levels required for user account approval.
    You can select up to three levels of approvers or you can select Not needed if the workflow does not require manager approval. Approval goes through the workflow according to the managers identified in Active Directory.
    Note: If you do not select the manager approval level, you must add approvers in Additional Approvers.
  6. Under Additional Approvers, add the people who also need to approve the user account.

    To find the name of an approver, you can enter a first or last name in the fields provided. You can also enter partial names. When the user appears in the text box, select the user and then click the plus (+) sign.

  7. Click Next, configure the policies for the application and then click Save.

To synchronize application users with Active Directory

After you configure an application connector to enable user account creation and management, you need to synchronize the users who have application accounts with the users in Active Directory. When you add users to Active Directory, you must enter the first name, last name, and email in the user properties. If you do not configure users in Active Directory with this information, App Controller cannot synchronize these individuals. When users attempt to start an app, users receive a message that they are not authorized to use the app.

Note: The Sync icon only appears when you select an application that is configured for user account management.

  1. In the App Controller management console, click the Apps & Docs tab.
  2. In the details pane, click an application.
  3. In the dialog box that appears, click the Sync icon.
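
The following pre-sync check is an added example, not App Controller code or part of the original documentation. It models the User Name Rule (User attribute plus Length) and the synchronization requirement that every user has a first name, last name, and email, then reports users who cannot synchronize and users whose generated names are identical. The record field names, the sample users, and the case-insensitive comparison are assumptions.

```python
# Added example: audit directory records before clicking Sync.
# Field names and sample data are constructed for illustration.
REQUIRED = ("first_name", "last_name", "email")  # attributes the sync needs

def missing_attributes(user):
    """Return the required attributes that are absent or blank for one user."""
    return [a for a in REQUIRED if not (user.get(a) or "").strip()]

def apply_rule(user, attribute="email", length=None):
    """Model the User Name Rule: take `attribute` and keep the first
    `length` characters (None models the default length, All)."""
    value = (user.get(attribute) or "").strip()
    return value if length is None else value[:length]

def audit(users, attribute="email", length=None):
    """Return (users that cannot sync, generated names shared by several users)."""
    unsyncable, by_name = {}, {}
    for u in users:
        gaps = missing_attributes(u)
        if gaps:
            unsyncable[u["id"]] = gaps
            continue
        # Assumption: names are compared case-insensitively.
        name = apply_rule(u, attribute, length).lower()
        by_name.setdefault(name, []).append(u["id"])
    collisions = {n: ids for n, ids in by_name.items() if len(ids) > 1}
    return unsyncable, collisions

# Constructed sample records, for example from a directory export.
SAMPLE = [
    {"id": "u1", "first_name": "Ana", "last_name": "Richardson", "email": "ana.r@example.com"},
    {"id": "u2", "first_name": "Ben", "last_name": "Richards", "email": "ben.r@example.com"},
    {"id": "u3", "first_name": "Cy", "last_name": "Ito", "email": ""},
    {"id": "u4", "first_name": "", "last_name": "Okafor", "email": "d.okafor@example.com"},
    {"id": "u5", "first_name": "Eve", "last_name": "Ng", "email": "eve.ng@example.com"},
]

if __name__ == "__main__":
    # Rule from the example above: Last name, Length 7.
    unsyncable, collisions = audit(SAMPLE, attribute="last_name", length=7)
    for uid, gaps in unsyncable.items():
        print(f"{uid}: cannot sync, missing {', '.join(gaps)}")
    for name, ids in collisions.items():
        print(f"rule yields '{name}' for {', '.join(ids)}")
```

With the default rule (Email address, All) the same sample produces no shared names, which is one reason to review the rule before shortening the length.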