Creating Tracking Only Apps

When your organization uses internal resources not inventoried by EmpowerID, such as a third-party software application, you can create a "tracking-only" application in EmpowerID to represent those resources. This allows you to implement internal access controls to manage and track who has access to what applications in your environment.

EmpowerID allows you to control and track access to applications not inventoried by EmpowerID through the use of a special type of account store internal to EmpowerID, known as a "tracking-only" account store. Each tracking-only account store has a one-to-one relationship with a specific application that is established at the time the application is created in EmpowerID.

This topic demonstrates how to create a "tracking-only" application in EmpowerID and is divided into the following activities:

To create a tracking-only application in EmpowerID

  1. From the Navigation Sidebar, navigate to the Application Management page by expanding Applications and clicking Manage Applications.
  2. From the Actions pane of Application Manager, click the Create Application action.
  3. This opens the Application Details form, which contains various tabs and fields for creating the application.

  4. From the General tab of the Application Details form, do the following:
    1. Type an appropriate name, display name and description for the application in the Name, Display Name and Description fields, respectively.
    2. Optionally, specify the path to a custom icon you want to use for the application or leave the value at its default.
    3. Select or deselect Allow Access Requests to specify whether to allow access requests. When this option is selected, the application appears in the IT Shop, allowing users to request an account when Allow Request Account is selected.
    4. Select or deselect Allow Claim Account to specify whether users can claim an account they already have in the application. When this option is selected, users can claim their accounts and gain instant access after passing the requisite identity proofs.
    5. Select or deselect Allow Request Account to specify whether to allow users to request an account in the application. When this option is selected and Allow Access Requests is selected, users can request an account in the application.
    6. Deselect Login Is Email Address (Receive OTP to Claim). This setting is not required for tracking-only applications as it is used for identity proofing against applications that require user credentials.
    7. Select or deselect Make me the Application Owner to specify whether you are the owner of the application. Application owners have the ability to manage the application and approve or deny access requests.
    8. Configure Advanced Claim and Request Account Options - Select this option and then provide the appropriate advanced configuration information if you have custom pages and workflows configured in EmpowerID for processing access requests as well as for managing any accounts linked to the application's (internal to EmpowerID) account directory.
    9. The following image shows what the General Section of the form looks like for a tracking-only application we created in our environment.

  5. Click the Users tab and tick Create a New Account Directory. This instructs EmpowerID to generate a "tracking-only" account store for the application. Then when users are granted accounts in the application, EmpowerID will add those accounts to the "tracking-only" account store, linking them to their EmpowerID Person.
  6. Click the Add to Cart button.
  7. Click the My Cart link located at the top of the page and in the Cart dialog that appears type a reason for creating the application and then click Submit.

To request and approve an application account

  1. Log in to the EmpowerID Web application as a person needing an account for the application you just created.
  2. In order to access the IT Shop to request an application account, the person must have either the IT Shop Limited Access or IT Shop Full Access Management Role.

    For information on assigning Management Roles to people, see Assigning Management Roles.

  3. From the Navigation Sidebar, navigate to the IT Shop page for applications by expanding Applications and clicking Request Access.
  4. From the Request Access page, search for the application, click the Request Access link for that application and then click Request New Account.
  5. Click the Shopping Cart located at the top of the page and in the Cart Dialog that appears, type a reason for the request and then click Submit.
  6. EmpowerID routes the request to the application owner.

  7. To approve the request, log in the EmpowerID Web application as the application owner.
  8. From the Navigation Sidebar, navigate to your Tasks To Do page by expanding Tasks and Requests > Workflow Tasks and clicking Tasks To Do.
  9. You should see a request for an application account in the My Open Tasks widget.

  10. From the widget, click the link for the request.
  11. This directs you to the Task Details page for the request. From this page, you can view information about the task as well as initiate the approval process.

  12. From the Task Details page, click the View Approval Form link to open the Approval form and from the Approval form, click Approve.
  13. You should the status of the request update to Approved.