- List of Application Connector Types
- Configuring Additional Parameters in Application Connectors
- Configuring Applications for User Account Management
- Searching for Applications
When you configure an application for SSO, you can also configure some application connectors to enable user account creation and management. When you enable user account management, you can configure settings to create new user accounts automatically or by using a workflow. You must select one or the other option. If you use a workflow, the workflow settings specify the correct number of approvals that are necessary to create user accounts. When all the approvals are received, App Controller creates the user account.
If an application is available for user account management, after you configure the URL and licenses, you click Next to configure the settings for creating user accounts, including workflow settings. If an application is not available for user account management, the check box does not appear when you configure the URL and license information.
After you configure the application to enable user account creation and management, you can synchronize the application accounts with Active Directory. When you synchronize application accounts, App Controller uses the users' Active Directory credentials for SSO to the application.
You can use workflows to manage the creation and removal of user accounts. Before you can use a workflow, you need to identify individuals in your organization who have the authority to approve user account requests. Then, you can use the workflow template to create and approve user account requests.
When you configure App Controller for the first time, you configure workflow email settings. You must configure workflow email settings to use workflows. You can change workflow email settings at any time by using the System Configuration panel in App Controller. These settings include the email server, port, email address, and whether the request to create the user account requires approval or not.
You can configure workflows in two places in App Controller:
You can assign up to three levels for manager approval of user accounts. If you need other individuals to approve the user account, you can search and select additional approvers by using the person's name or email address. When App Controller finds the individual, you then add the person to the workflow. All individuals in the workflow receive emails to approve or deny the new user account.
When you configure an application connector to create user accounts, you select a checkbox that allows you to define how the user name and password appears, as well as who approves the new user account.
Some applications do not support the creation of new user accounts. If the check box Enable user management for provisioning appears on the Details page of the Configure App dialog box, you can create user accounts for the application.
This is the account that you use to log on to the application as an administrator. You must enter the user name and password.
You must type a value from 0 through 90. Passwords are valid for a maximum of 90 days.
If you do not select this check box, when user passwords expire, users cannot access the app.
You can select up to three levels of managerial approvers. Approval goes through the workflow according to the managers identified in Active Directory. If you do not need managerial approval, you can select Not needed. If you select this setting, you must add approvers in Additional Approvers. You must select at least one workflow approver.
You can search by using the person's full or partial name. You can add a total of five approvers to the list.
After you configure an application connector to enable user account creation and management, you need to synchronize the users who have application accounts with the users in Active Directory.
When you add users to Active Directory, you must enter the first name, last name, and email in the user properties. If you do not configure users in Active Directory with this information, App Controller cannot synchronize these individuals. When users attempt to start an app, users receive a message that they are not authorized to use the app.