Product Documentation

Configuring Roles

Oct 08, 2015

A role is a group of users to which you assign applications. You can use roles to assign groups from Active Directory in App Controller. After you add Active Directory groups to a role, you then assign applications to the role. The basic steps for adding a role in App Controller are as follows:

  • Assign a name to the role.
  • Provide a description for the role.
  • Select one or more groups that exist within the domain you chose and add them to the role.

    If users are members of multiple groups, you can choose if users must be members of all of the defined groups or if users can belong to some of the groups. For example, you have JohnD in the Sales, Finance, and Marketing Groups. To access apps and data, you can require JohnD to be a member of all three groups. You can also allow JohnD to be a member of any of the groups to gain access to apps and data.

  • Select the ShareFile Storage Zone to which users have access.

You can assign web, SaaS, and mobile applications to a role. You can also assign web links to a role and add roles to ShareFile settings.

Note: You must configure Roles before you configure ShareFile settings. You cannot use the AllUsers role for ShareFile.

After you configure roles, you configure the applications for single sign-on (SSO). You can then assign one or more applications to the roles. For example, you configure Sales, Marketing, and Finance roles in App Controller. After you configure the Salesforce and GoToMeeting application connectors, you might assign the Salesforce application to the Sales role and you might assign GoToMeeting to all three roles.

Adding or Removing Roles

When you add a role, you assign one or more Active Directory groups to the role. You must have an active connection from App Controller to Active Directory to add a role. After you add groups to the role, you then assign applications to the role.

Note: You can only use the Assign Apps to Role link on the Roles tab when you create a role. You can also assign an app to a role by using the Configure App dialog box.

When you configure a role and add multiple Active Directory groups, you can require users to be a member of all groups or you can require membership in at least one of the selected groups.

When you delete a role, the role is removed from App Controller. If you need the role again, you need to configure a new role.

To add a role

  1. In the App Controller management console, click the Roles tab.
  2. Under Roles, click Add Role.
  3. In the Add Role dialog box, in Role name, type a name for the role.
  4. In Role description, enter a description of the role.
  5. If you configured multiple domains in App Controller, in Domain, select the domain.

    If only one domain is configured, this field appears as a label. If you configure multiple domains, the field appears as a drop-down list.

  6. Under ShareFile Configuration, in Storage Zone, select the storage zone for the role.

    Storage Zone only appears if you configure ShareFile in App Controller. If ShareFile is not configured, you can click the Sync icon to add the domain, user name, and password for ShareFile. When you click Discover, App Controller retrieves the ShareFile Storage Zone. The Sync icon does not appear if you configure ShareFile in App Controller.

  7. Click Next.
  8. In Group membership, do one of the following:
    1. Click AND to require role membership from all groups in order to access apps.
    2. Click OR to require role membership in any of the selected groups in order to access apps.
  9. Under Available groups, select the groups that you want to add to the role and then click the chevron (>) to move the groups to Role members.
  10. Click Save.

To delete a role

  1. In the App Controller management console, click the Roles tab.
  2. In the navigation pane, under Roles, click the wrench icon for the role and then in the dialog box, click the X icon.
  3. Click Yes to delete the role.