Application access tree
Description
Soffid allows administrator users to create new entry points to the information systems. These entry points can be URLs or applications that can give access to information systems that have been registered in Soffid. These entry points are managed in a tree structure that allows to create new menus and new application access.
Each application entry point can have a single sign-on rules. Those roles are fully explained at SSO reference guide &&TODO&& Esta en confluence, ¿hay que mantener?
CONFLUENCE: ????After logging on a managed workstation, the system will apply such restrictions and will update the Windows or Linux start menu.
Each application entry point will have different execution methods for full managed workstation, loosely managed workstation, or external devices. Each of them can be a web browser URL or a javascript piece.
Screen overview
&&TODO&&
Related objects
Standard attributes
Basics
Authorizations
Allows to grant access permissions to users, groups, roles or accounts.
&&TODO&& Al asignar los permisos, en la pestaña de access level comprobar si se ha quitado o cambiado la etiqueta de Network
- Manage: allows to update the entry point.
- Execute:
- when the entry point has selected the option public access to NO, only users with the assigned access level as execute, could execute that entry point.
- when the entry point has seleccted the option public access to YES, all users could execute that entry point.
Executions
Allows Adminsitrator users to configure the entry point access. It is only available to entry points with option Menu does not selected
There are tree options to configure the executions. Administrator users can configure one or more:
- Running from Intranet: this entry applies to hosts located in a network flagged as internal.
- Running from Extranet: this entry applies to hosts located in a network NOT flagged as internal.
- Running on the Internet: this entry applies to hosts located in a unknown network.
For each one execution option it is possible to configure the following parameters:
- Enabled: if the option is available to configure.
- Type: access connection type.
- Content:
-
- text/html: a URL to access to the application.
- x-application/x-mazinger-script: scripts that will be executed on ESSO clients.
- Recorded session: configuration to use PAM service.
- Web Single Sign On: a URL to access to the application with SSO.
-
ESSO
&&TODO&&
Actions
Application query
Query | Allows to query users through different search systems, |
Add new | Allows to add a new entry point. To add a new entry point it is necessary to fill in the required fields. |
Create new entry | Allows to add a new entry point within the hierarchy. |
Application detail
Apply changes | Allow to create a new entry point or to update the data of a specific entry point. |
Delete | Allow to remove a specific entry point. |
Undo | Allows to quit without applying any changes. |
Authorizations
Add or remove columns |
Allows to show and hide columns in the table. |
Add new | Allows to add a new authotization to the group. |
Remove | Allows to remove one or more authorizations from the entry point. |
Import | Allows to upload a CSV file with the información about authorizations to add update or remove that. |
Download CSV file | Allows to download a CSV file with all the information about authorizations. |
Executions
Apply Changes | Allows to save the execution configuration. |
Delete | Allows to delete the execution configuration. |
ESO
&&TODO&&