Application access tree

Description

Soffid allows administrator users to create new entry points to the information systems. Users connect to the applications through these entry points.

Entry points can be URLs or applications that can give access to information systems that have been registered in Soffid. These entry points are managed in a tree structure that allows creating new menus and new application access.

Each member of the tree can be tied to a list of users, accounts, groups, or roles. You can also choose whether the application menu entry will be visible to unauthorized users.

After logging on to a managed workstation, the system will apply such restrictions and will update the Windows or Linux start menu.

Each application entry point will have different execution methods for fully managed workstations, loosely managed workstations, or external devices. Each of them can be a web browser URL or a piece of JavaScript.

Each application entry point can have a single sign-on rule. Those rules are fully explained in the ESSO reference guide. For more information you can visit the ESSO chapter.

  1. Information system
  2. User
  3. Group
  4. Role
  5. Account

Standard attributes

Basics

  • Menu: (yes|no) when the menu is Yes, this application will be like a folder to contain and organize other applications.
  • Name: application identifier name.
  • Code: application code.
  • Information System: asset or application, from a functional point of view, on which the permissions are granted or revoked.
  • System: information storage system from a technical point of view (active directory, database, CSV, ...).
  • Public access: when it is Yes, this application will be displayed as public at the self-service portal of all users.
  • Visible without permissions: when it is Yes, this application will be displayed at the self-service portal, but only users with permissions will be allowed to connect.
  • Icon: application identification icon.

Authorizations

Allows you to grant access permissions to users, groups, roles or accounts. 

To give authorization it is necessary, first of all, to select the grantee type, then to choose the user, group, role, or account, and finally choose the access level. The access level allows two options:

  • Manage: allows updating the entry point.
  • Execute:
    • When the entry point has the public access option set to NO, only users assigned the execute access level can execute that entry point.
    • When the entry point has the public access option set to YES, all users can execute that entry point.

Executions

Allows Administrator users to configure the entry point access. It is only available for entry points where the Menu option is not selected.

There are three options to configure the executions. Administrator users can configure one or more:

  • Running from Intranet: this entry applies to hosts located in a network flagged as internal.
  • Running from Extranet: this entry applies to hosts located in a network NOT flagged as internal.
  • Running on the Internet: this entry applies to hosts located in an unknown network.

For each execution option it is possible to configure the following parameters:

  • Enabled: if the option is available to configure.
  • Type: access connection type.
  • Content
      • text/html: a URL to access the application.
      • x-application/x-mazinger-script: scripts that will be executed on ESSO clients.
      • Recorded session: configuration to use the PAM service.
      • Web Single Sign On: a URL to access the application with SSO.
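
The rules from Basics, Authorizations and Executions combined into one decision function, with a review check for settings that widen exposure. This is an added example, not Soffid code: the class, field and zone names are hypothetical, and the sample entry point is constructed. Assumptions: Manage does not imply Execute, and an execution that is not Enabled for the caller's network zone cannot be launched.

```python
from dataclasses import dataclass, field

@dataclass
class EntryPoint:                      # hypothetical model, not Soffid's schema
    name: str
    public_access: bool = False
    visible_without_permissions: bool = False
    grants: list = field(default_factory=list)      # (grantee_type, grantee, level)
    executions: dict = field(default_factory=dict)  # zone -> Enabled flag

@dataclass
class Principal:
    user: str
    groups: set = field(default_factory=set)
    roles: set = field(default_factory=set)
    accounts: set = field(default_factory=set)

def levels_for(entry, p):
    """Access levels ('manage'/'execute') held through any grantee type."""
    held = {"user": {p.user}, "group": p.groups, "role": p.roles, "account": p.accounts}
    return {lvl for gtype, name, lvl in entry.grants if name in held.get(gtype, ())}

def zone_of(network):
    """None = unknown network; otherwise a dict carrying the 'internal' flag."""
    if network is None:
        return "internet"
    return "intranet" if network["internal"] else "extranet"

def decide(entry, p, network):
    levels, zone = levels_for(entry, p), zone_of(network)
    allowed = entry.public_access or "execute" in levels
    return {"visible": allowed or entry.visible_without_permissions,
            # Assumption: a zone whose execution is not Enabled cannot be launched.
            "execute": bool(allowed and entry.executions.get(zone, False)),
            "manage": "manage" in levels, "zone": zone}

def exposure_findings(entry):
    """Review check: settings that widen who can reach the entry point."""
    out = []
    if entry.public_access and entry.executions.get("internet"):
        out.append("public access with Internet execution enabled")
    if entry.public_access and any(l == "execute" for _, _, l in entry.grants):
        out.append("execute grants are redundant while public access is Yes")
    return out

# Constructed sample data
HR = EntryPoint("HR portal", visible_without_permissions=True,
                grants=[("role", "hr_staff", "execute"), ("user", "admin", "manage")],
                executions={"intranet": True, "extranet": True, "internet": False})
```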

    ESSO

    Allows you to customize a script to define a pattern to detect when an application is used and how to inject the credentials.

    For more information you can visit the ESSO chapter.

    Actions

    Application query

    Query: allows you to query users through different search systems: Quick, Basic and Advanced.
    Add new

     

    Create new entry

    Allows you to add a new entry point. You can choose that option on the hamburger menu or by clicking the add button (+).

    To add a new entry point, it is mandatory to fill in the required fields.

    Application detail

    Apply changes

    Allows you to save the data of a new entry point or to update the data of a specific entry point. To save the data it will be mandatory to fill in the required fields.

    Delete

    Allows you to delete the entry point.

    To delete an entry point, you can click on the hamburger icon and then click on the delete button (trash icon).

    Soffid will ask you for confirmation to perform that action; you can confirm or cancel the operation.

    Undo

    Allows you to undo the changes made.

    Authorizations
    Add or remove columns: allows you to show and hide columns in the table.
    Add new: allows you to add a new authorization to the group.
    Remove: allows you to remove one or more authorizations from the entry point.
    Import: allows you to upload a CSV file with the information about authorizations to add, update or remove them.
    Download CSV file: allows you to download a CSV file with all the information about authorizations.
    Executions
    Apply Changes: allows you to save the execution configuration.
    Delete: allows you to delete the execution configuration.
    ESSO