Version: Casuarina

App Overview

Applications (apps) are a major element of Apporetum. This article introduces the concepts specific to Apporetum: the Apporetum App, the App Role and the app manager. It also covers the key points about data sources and reconciliation.

What Is an Apporetum App

An Apporetum application (app) is a grouping of App Roles that secure and govern account access to your directory groups and business applications. Apporetum apps enforce a business-focused management framework to provide business-driven governance over access to applications without the need for continuous IT involvement. Each application is connected to exactly one Data Source and controls the access of related accounts to that Data Source.

What Is an App Role

App Roles are owned by an Apporetum app, and each one is a single resource to which a user can be given access. Depending on the Application's Data Source, the resource can be a group membership, an Entra ID (formerly Azure Active Directory) App Role assignment or a virtual assignment. Each App Role provides a set of governance functionality that enables IT to enforce who may gain access to a resource and for how long.

Management of Applications

Management of an Application is segregated into three separate duties: App Owner, Access Provider and Access Approver. App managers are assigned directly to an Application.

tip

We recommend that your App Owners aim to assign different app managers to each of the three roles. This maximizes the security and governance compliance of Apporetum.

Regardless of which app manager duties you have, you can:

  1. View Apps that you manage
  2. View information of those apps that you manage
  3. Reconcile those apps
  4. Reconcile roles in those apps

App Owner

App Owners are responsible for the upkeep of an Application's appearance, management team, App Role guardrails and notification preferences.

tip

Only System Admins can create an Application and its respective App Roles.

Access Provider

Access Providers are responsible for granting users access to one or more App Roles.

Access Approver

Access Approvers are responsible for approving any access which requires it.

What Is a Data Source

info

Apporetum supports three main types of data sources: Entra ID (formerly Azure Active Directory), OnPrem AD (On-Premise Active Directory), and CSV. You will need to choose a data source when you configure a new app.

Apporetum is a cloud-based identity and access management (IAM) service platform. In the context of IAM, a data source refers to the location or system where user information is stored, such as a directory service or a database. This information is used to authenticate and authorize users when they access resources in the system. Examples of data sources include Active Directory, LDAP, and a user database in a custom application.

What Is Reconciliation

Users' access to Applications may drift from Apporetum's source of truth. This is typically caused by out-of-process actions by external users. Reconciliation audits Data Sources and captures access that does not match Apporetum's records. These Reconciliation alerts can then be reviewed and remediated within the Apporetum Portal.
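The drift check described above can be sketched as a two-way set comparison between recorded access and what a data source actually grants. This is an added example, not Apporetum's own code: the CSV column names (`account`, `role`), the account names and the role names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample: access as recorded in the governance system (source of truth).
# Each tuple is (account, app_role); all names are hypothetical.
RECORDED = {
    ("alice@example.com", "Finance-Readers"),
    ("bob@example.com", "Finance-Readers"),
    ("carol@example.com", "Finance-Approvers"),
}

# Constructed sample: CSV export of what the data source currently grants.
# The column names "account" and "role" are assumptions for this example.
DATA_SOURCE_CSV = """account,role
alice@example.com,Finance-Readers
Carol@Example.com ,Finance-Approvers
mallory@example.com,Finance-Approvers
"""


def normalise(account, role):
    """Trim and lower-case the account so case or whitespace noise is not reported as drift."""
    return account.strip().lower(), role.strip()


def load_actual(csv_text):
    """Parse the data source export into a set of (account, role) pairs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {normalise(row["account"], row["role"]) for row in reader}


def reconcile(recorded, actual):
    """Return drift in both directions, sorted so review output is stable."""
    recorded = {normalise(a, r) for a, r in recorded}
    return {
        # Present in the data source but never granted through the managed process.
        "unrecorded_access": sorted(actual - recorded),
        # Granted on record but no longer present in the data source.
        "missing_access": sorted(recorded - actual),
    }


if __name__ == "__main__":
    drift = reconcile(RECORDED, load_actual(DATA_SOURCE_CSV))
    for kind, items in drift.items():
        for account, role in items:
            print(f"{kind}: {account} -> {role}")
```

Both directions matter for review: unrecorded access is the out-of-process grant, while missing access points to a removal made outside the managed process.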