Web Application (Credential-based)

Web applications run on a web server and are accessed by the user through web browsers with an active network connection using application credentials.

Configuring Web-Based Application

To configure web-based applications:

1. In the Applications home tab, click an Application. A pop-out menu option is displayed.
   
2. Click the Edit icon. The configuration screen is displayed.
   
3. Configure the application using the following:

• Application Name: Edit to change the displayed application name.
• Application Logo: Select the application logo.
• Application URL: Enter the application url.
• Login Elements: Select the determinants of login elements based on their type and value. A user or administrator can set element types:
  • Set by User: Attribute value set by the user.
  • Set by Admin: Attribute value set by the admin.
  • Directory Attribute: Attribute value defined by the Active Directory.
• Enable Secure Web Access: Select this option to secure the web access module to enable access to applications.

4. Click Save. An “Application Updated Successfully” confirmation message is displayed.
5. Click Close.
6. The configuration screen allows you to configure not only the application but also various authorization and security configurations.

Application Authorization

An Administrator allows you to create users and roles. You can perform the following:

• Authorize Roles
• Authorize Users

Authorize Roles

As an administrator, CI allows you to select specific roles that are authorized to access an application.

To authorize roles, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Application Authorization tab. The Application Authorization screen is displayed.
   
4. Click Authorized Role and click Add Role. The Add Role screen is displayed.

5. Enter a Role Name.
6. Select added Role and Click Add. The added role is displayed on the screen.

Authorize Users

As an administrator, CI allows users to access each application.

To authorize users, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Application Authorization tab. The Application Authorization screen is displayed.
   
4. Click Authorized User and click Add User. The Add user screen is displayed.

5. Enter a Username.
6. Click Add. The added user is displayed on the screen.

Application Security

CI allows you to set up multi-level authorization to enhance security. All SSO applications can have an additional parameter defined by an administrator.

To set up multi-level authorization, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Application Security tab.
4. Select Enable Step-up Authentication. The following options are displayed:
   • Security Questions: User must answer all the available security questions that are displayed on the screen.
   • SMS OTP: Users receive one-time password on their registered mobile numbers. A phone number is dynamically derived from the user’s profile.
   • Email OTP: Users receive a one-time password on their registered email address. The email address will be dynamically derived from the user’s profile.
   • Soft Token: Six-digit one-time passcode is generated on the Soft Token app on the user’s mobile number. The user needs to enter the passcode for verification.
5. Click Save. A “Successfully updated application step-up authentication” confirmation message is displayed.

Browser Preference

You can enable your choice of browser in the browser’s preference for the thick client application.

To select browser preference, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Browser Preference tab.
4. Click Enable browser preference. The following list of browsers appears to allow the user to select the preference:
   • Firefox
   • Internet Explorer
   • Chrome
5. Select your preferred browser to assign a browser to the application.
6. Click Save.

Password Sync

You can change an application password from your desktop or phone. As an Administrator, you can configure the users' CI password to synchronize with other target IGA applications during a password change or password reset. If the IGA application has a corresponding Web SSO application configured, CI can ensure that the password of the SSO application in the password vault is updated during the password Sync process.

To enable password sync, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Password Sync tab.

1. Select Enable password sync?.
2. Click Save. A “Password sync setting updated successfully” confirmation message is displayed.

Provisioning

You can associate a provisioning application with each Web SSO application. If you have an owned account Provisioning in the provisioning application, the SSO icon of the web application comes up on your SSO launchpad.

To associate the provisioning of an application, perform the following steps:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Provisioning tab.
4. Select Associate a provisioning application?. Select the IGA application that is associated with the Provisioning Application from the drop-down list.
5. Click Save. A “Successfully associated provisioning application” confirmation message is displayed.

Attribute Mapping

You can map cross-directory attributes to Active Directory attributes, collecting information seamlessly.

To map attributes:

1. Click Application. A pop-up option appears.
2. Click the Edit icon. The Application Configuration screen is displayed.
3. Click the Attribute Mapping tab.
   
4. Click Add and add the attributes of the CI screen to be mapped with Active Directory attributes.
   
5. Enter the fields as per user requirement and click Save.