When your organization uses internal resources not inventoried by EmpowerID, such as a third-party software application, you can create a "tracking-only" application in EmpowerID to represent those resources. This allows you to implement internal access controls to manage and track who has access to what applications in your environment.
EmpowerID allows you to control and track access to applications not inventoried by EmpowerID through the use of a special type of account store internal to EmpowerID, known as a "tracking-only" account store. Each tracking-only account store has a one-to-one relationship with a specific application that is established at the time the application is created in EmpowerID.
This topic demonstrates how to create a "tracking-only" application in EmpowerID and is divided into the following activities:
To create a tracking-only application in EmpowerID
From the Navigation Sidebar, navigate to the Application Management page by expanding Applications and clicking Manage Applications.
From the Actions pane of Application Manager, click the Create Application action.
This opens the Application Details form, which contains various tabs and fields for creating the application.
From the General tab of the Application Details form, do the following:
Type an appropriate name, display name and description for the application in the Name, Display Name and Description fields, respectively.
Optionally, specify the path to a custom icon you want to use for the application or leave the value at its default.
Select or deselect Allow Access Requests to specify whether to allow access requests. When this option is selected, the application appears in the IT Shop, allowing users to request an account when Allow Request Account is selected.
Select or deselect Allow Claim Account to specify whether users can claim an account they already have in the application. When this option is selected, users can claim their accounts and gain instant access after passing the requisite identity proofs.
Select or deselect Allow Request Account to specify whether to allow users to request an account in the application. When this option is selected and Allow Access Requests is selected, users can request an account in the application.
Deselect Login Is Email Address (Receive OTP to Claim). This setting is not required for tracking-only applications as it is used for identity proofing against applications that require user credentials.
Select or deselect Make me the Application Owner to specify whether you are the owner of the application. Application owners have the ability to manage the application and approve or deny access requests.
Configure Advanced Claim and Request Account Options - Select this option and then provide the appropriate advanced configuration information if you have custom pages and workflows configured in EmpowerID for processing access requests as well as for managing any accounts linked to the application's (internal to EmpowerID) account directory.
The following image shows what the General Section of the form looks like for a tracking-only application we created in our environment.
Click the Users tab and tick Create a New Account Directory. This instructs EmpowerID to generate a "tracking-only" account store for the application. Then when users are granted accounts in the application, EmpowerID will add those accounts to the "tracking-only" account store, linking them to their EmpowerID Person.
Click the Add to Cart button.
Click the My Cart link located at the top of the page and in the Cart dialog that appears type a reason for creating the application and then click Submit.
To request and approve an application account
Log in to the EmpowerID Web application as a person needing an account for the application you just created.