Using the Edit Application Page
Use the Edit Application page to configure applications for your enterprise.
Note: Do not open multiple tabs or browsers. Making and saving a change in one tab might overwrite changes made in another.
The Edit Application page opens to the Details page and includes these tabs.
Note: Some tabs only appear after an application has been defined and configured.
- Tiers Tab. This tab is available only for Logical application types. See detailed information about configuring Logical applications in the IdentityIQ connectors documentation.
The information on each tab is determined by the type of application specified on the Application Type dropdown list. Use these tabs to define how each application interacts with IdentityIQ.
The Edit Application page also lists any extended attributes that were configured for your deployment of IdentityIQ; these are displayed at the bottom of the tab.
For each application enter or edit the following information:
Note: IdentityIQ does not support application names that start with a numeric value or that are longer than 31 characters.
The owner specified here is typically the business owner of the system, who is familiar with the system, its entitlements, and who should have access to it. The owner is responsible for access reviews for this application from application owner certifications, account group permissions certifications, and account group membership certifications. The application owner can also be selected as an approver in targeted certifications.
Application ownership can be assigned to an individual identity or a workgroup. If the application ownership is assigned to a workgroup, all members share certification responsibilities, are assigned the certification requests associated with the application, and can all take action on those requests.
The application type, for example, LDAP or JDBC.
The Application Type dropdown list contains the types of application to which IdentityIQ can connect. This list can grow and change as new application types are developed for IdentityIQ, and as existing application types are updated or deprecated.
A brief description of the application.
If your instance of IdentityIQ is configured to support multiple languages, you can use the language selector to enter descriptions in multiple languages. The dropdown list displays any languages supported by your instance of IdentityIQ. The description displayed throughout the product depends on the language associated with the user's browser. If only one description is entered, that is the description used by default.
Note: You must Save the description before changing languages to enter another description.
The default IdentityIQ user or workgroup to be assigned revocation requests associated with entitlements on this application. If no user is specified in this field, all revocation requests are assigned to the application owner by default.
A proxy application is an application that handles the processing (aggregation and provisioning) on behalf of your application. Configuring a proxy application is optional.
Here are some examples of proxy applications:
- Multiplex applications: In this case you define an application and, most often, a build map rule that sorts the data out in multiple sub-applications. In that case, the sub-applications have the main application as the proxy.
- Similar to the multiplex applications are the connectors for legacy identity management systems such as BMC, Novell/NetIQ, IBM Tivoli, and Sun/Oracle Waveset.
- The Cloud Gateway connector tunnels all aggregation and provisioning requests to the gateway in another network. The gateway then acts on behalf of IdentityIQ. All applications that live in the remote network need to have the cloud gateway connector set as the proxy.
This is an optional class used to associate this application with a larger set of applications, for role modeling purposes.
For example, you might set a profile class of XYZ on all of the applications where any user that has read account privileges should be assigned the role XYZ Account Reader. You can then create a single profile for that role instead of a separate profile for each instance of the applications. During the correlation process any user with read account privileges on any of the applications with the profile class XYZ is assigned the role XYZ Account Reader.
This field is only visible if scoping is enabled for your instance of IdentityIQ. When a scope is assigned, only the owner of the application or users that control the designated scope can work with this application.
Objects associated with this application, such as entitlements in a certification request, are visible to a user with any or no controlled scope, but if a new object is being created (for example, a certification schedule), this application does not appear on the select list unless the creator controls the scope assigned.
Depending on configuration settings, objects with no scope assigned might be visible to all users with the correct capabilities.
An authoritative application is a target system that holds the primary and most trusted employee information for your enterprise, such as a human resources application. When this option is selected, the application is designated as authoritative and the IdentityIQ aggregation process creates an authoritative Identity Cube for each account in this application. Note that your organization can have multiple authoritative applications.
Use this option to make comparisons of account attribute values case insensitive when evaluating provisioning policy.
Select this option if this application should be included when IdentityIQ performs native change detection during aggregation.
For more detailed information about configuring native change detection, see Native Change Detection Configuration.
Native Change Operations
Select which operations are included when detecting native changes. If no operations are selected, native change detection is disabled.
Attributes to Detect
Indicates which attributes are compared when accounts are modified. If the Entitlement option is selected, all entitlement attributes are included. If you select User Defined, enter the name of the attributes to compare in the Attribute Names box.
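The following added example is a simplified model of how the two settings above scope the comparison between two aggregation runs; it is not IdentityIQ code or its implementation. The operation names (Create, Modify, Delete), the snapshot layout, and all identifiers are assumptions made for illustration.

```python
# Simplified model for illustration; not IdentityIQ code.
from dataclasses import dataclass

@dataclass
class NativeChangeConfig:
    operations: frozenset = frozenset()  # assumed names: Create, Modify, Delete
    mode: str = "entitlement"            # "entitlement" or "user_defined"
    attribute_names: tuple = ()          # read only in user_defined mode

def _values(v):
    """Normalize single- and multi-valued attributes to a set."""
    if v is None:
        return frozenset()
    return frozenset(v) if isinstance(v, (list, tuple, set)) else frozenset([v])

def detect_native_changes(cfg, previous, current, entitlement_attrs):
    """Compare two snapshots shaped {account: {attribute: value}}."""
    if not cfg.operations:
        return []  # no operations selected: detection is disabled
    attrs = entitlement_attrs if cfg.mode == "entitlement" else cfg.attribute_names
    findings = []
    for acct in sorted(set(previous) | set(current)):
        old, new = previous.get(acct), current.get(acct)
        if old is None or new is None:
            op = "Create" if old is None else "Delete"
            if op in cfg.operations:
                findings.append((acct, op, {}))
            continue
        if "Modify" not in cfg.operations:
            continue
        diff = {}
        for name in sorted(attrs):
            before, after = _values(old.get(name)), _values(new.get(name))
            if before != after:
                diff[name] = {"added": sorted(after - before),
                              "removed": sorted(before - after)}
        if diff:
            findings.append((acct, "Modify", diff))
    return findings

# Constructed sample snapshots from two aggregations (not real data).
ENTITLEMENT_ATTRS = ("memberOf",)
PREVIOUS = {"alice": {"memberOf": ["Users"], "title": "Analyst"},
            "bob": {"memberOf": ["Users"], "title": "Clerk"}}
CURRENT = {"alice": {"memberOf": ["Users", "Domain Admins"], "title": "Analyst"},
           "bob": {"memberOf": ["Users"], "title": "Manager"},
           "carol": {"memberOf": ["Users"]}}
```

In the sample, the entitlement setting flags the new group membership on alice but not the title change on bob; a user-defined list containing title does the reverse.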
Maintenance Enabled
When maintenance is enabled, the application is excluded from provisioning and aggregation during the defined maintenance period. See Application Maintenance Windows for more information.
Maintenance Expiration
The date on which the maintenance period ends. If no date is defined, this application remains in maintenance indefinitely.
After adding the application information, click Save to save your changes and return to the Application List page.