Applications Catalog
The Catalog is an Administrator view in which all of the installed applications can be modified and new applications can be added.
Before a new application can be added, first ensure the correct Category to be assigned to the application is available. Editing and creating categories is done through the My Applications submenu and is explained in Create or Edit a Category.
Create an Application
The new RapidIdentity UI provides a streamlined approach to creating an application for Administrators. Many of these tasks were previously available under the General and Extended tabs within Configuration > Applications.
Follow these steps to create an Application in RapidIdentity.
Choose the Applications module from the main drop-down menu and click the Catalog menu.
Click the Add Application or Plus button at the top right of the screen to create a new Application. (Appearance will vary in different browser widths.)
Add Application Buttons
For visibility within this documentation, different sections of the Add Application form have been split into two screenshots. The first section collects general information about the application.
Give the application a name that makes it easy to identify. This is a required field and the application cannot be saved until this field is populated.
Click the pencil in the icon box to select or upload an image to represent this application. A default library of icons is available, or you can upload a custom icon by clicking Upload Icon and following the upload wizard.
Note
For the best results, use a square icon that is 300px × 300px or fewer and uses a simple design with clear colors. Text, intricate designs, or specialty shapes may distort upon use.
Once an icon is chosen, administrators have the option to include a pre-chosen coordinating background color or to choose a custom color.
Add an optional, brief description of the application.
The Owner field will automatically populate with the identity of the current user. If altered, this field will not retain new settings and will default to the current user.
Choose the Category for this application. Multiple categories can be assigned by clicking Add Another Category and populating the resulting field.
The second section activates and defines the application and its access details.
Field | Description |
|---|---|
Application URL | Required. The application URL. Tokens may be used in the Application URL. All LDAP attributes are valid. NotePercent signs in app URLs must be escaped to |
Application Access | Can be one of three types: Authenticated and Anonymous Users; Anonymous Users Only; or Authenticated Users Only |
Status | Determines if the application icon link will be visible in RapidIdentity Portal. |
Priority | Required. This value allows administrators to determine both the relative order and application icon size users see when accessing My Applications. Assigning priority is very useful when users have access to large numbers of applications, particularly if accessing applications from a mobile device. Applications can have equivalent priority (e.g. 3 applications set to priority 100). |
Require Bookmark | When selected, this application displays in the user's Bookmarks in the Dashboard module. |
Access Control | Choose whether to provide the application as Role-based or Attribute-based. |
To activate this application, use the drop-down menu Status to Active. This setting also fully enables/disables the application definition, determining whether the application link will be visible in RapidIdentity Portal.
Insert the URL required to access the application
Check Require Bookmark to force this application on all qualified users' Dashboard and Bookmark filter in their My Applications view.
The Priority value allows administrators to determine both the relative order and application icon size users see when accessing My Applications. Assigning priority is very useful when users have access to large numbers of applications, particularly if accessing applications from a mobile device. Applications can have equivalent priority (e.g. three applications set to priority 100).
Choose how or if to limit the visibility of the application. More information on RBAC and ABAC filtering is available in Configuration Module Interface Overview. This field defaults to None.
SSO Tab
Define the type of application authentication to use.
Type | Description |
|---|---|
Simple | No authentication. This is typically used with federation/SSO provided the Service Provider is configured properly. This can also just be a simple link to any website. |
Form Fill Authentication (via Plugin) | Pass attributes to authenticate a user using a Plugin. NoteChoosing this option will require configuration of login steps and URLs for the plugin and content pages. This information is discussed with more detail in Form Fill Authentication (via Plugin). |
Form Fill Authentication | Pass attributes to authenticate a user. NoteChoosing this option will require configuration of other fields. More information is available in Form Fill Authentication. |
HTTP Basic Authentication | Send username and password in the URL field. NoteChoosing this option will require configuration of other fields. More information is available in HTTP Basic Auth Data Tab Fields. |
HTTP Basic Authentication Fields
Field Name | Description |
|---|---|
Form Submit Method | Match this to the target form. More information on Get and Post can be found here. |
Username | The username value (tokens supported) to pass to the application as the username for basic authentication. |
Password | The password value (tokens supported) to pass to the application as the username for basic authentication. *Basic authentication via this module does not work with Internet Explorer. Users using Safari will also have their username and password exposed in the URL bar. If either of these is a concern for the environment, it is best to use the Form Fill (via Plugin) Authentication and to create a custom form to submit the basic authentication. More information can be found here. |
Form Fill Authentication
 |
Field Name | Description |
|---|---|
Form Name/ID | The name or ID in the HTML of the target form. |
Form Submit Method | Match this to the target form. More information on Get and Post can be found here. |
Form onSubmit Javascript | Javascript to run after the form has been filled. This is sometimes useful to get hard-to-fill applications working. For an onSubmit primer, click here. |
Form Items | The required target form items. Simple forms may only require username and password. Others may require more information. |
Form Fill Authentication (via Plugin)
The Form Fill Authentication (via Plugin) Type allows administrators to configure an application to use the RapidIdentity Browser Plug-in.
This configuration is available when administrators select Form Fill Authentication (via Plugin) as the Type in the SSO tab of the Add Application menu.
Note
These configuration settings are dependent on the system administrator having a good understanding of inherent browser functionalities.
The exact steps necessary to configure the authentication vary based on how the service provider has its authentication process configured.
End users will need to download the appropriate plug-in for their browser.
Complete the required fields in the Details tab. In the SSO tab, select Form Fill Authentication (via Plugin) as the Type. The next action here will be to edit Login Step 1 by clicking the pencil icon.
Some login processes require two steps: first to enter the Email address on the first page and then the password on the next page. The main information should be entered in the Edit Login Step menu, then each of the granular configuration menus will start with defining an Element. Enter a Step Name for the step, the expected Page Title (for verification purposes), as well as Match Attempts and Retry Interval in Seconds. Then click to Add Another Element.
Table 15. Form Fill Authentication (via Plugin) FieldsField Name
Description
Step Name
A name for the step (e.g., Enter Username)
Page URL Matching
The URL for which information will be form filled in the step. Wildcard (*) URLs are supported (e.g. https://www.example.com/*)
Page Title Matching
The title that appears in the browser tab for the URL provided (e.g. Gmail). This field supports asterisks as wildcards.
Match Attempts
The number of attempts the browser plugin should attempt to complete the form.
Retry Interval (seconds)
The time interval for the browser to "wait" before attempting to match the Page Elements for each Match Attempt.
Each step will contain the configuration details required to describe each action the browser is to take. This requires configuring multiple Steps, their Elements, and the Actions performed within. Defining this element will instruct the browser on the steps to enter the email address.
Note
The element being defined must be unique on the page in order for the browser to find it successfully.
Table 16. Create Element FieldsField
Description
Name
Provide a brief name for the element that will be part of this step.
Find By
Use the drop-down list to determine which element to locate on the page on which to perform the next action. The choices are as follows:
By ID - searches for HTML elements by their ID
By Name - searches for HTML elements by their name (e.g., <input name="example"/>)
By Class - searches for HTML elements by their HTML class
By Tag - searches for HTML elements using a defined element tag (e.g., <button>)
By XPath - searches for an HTML element using an XPath descriptor
By Selector - searches for an HTML element using its Selector
Find by Value
Enter the exact value or a code string to represent the item chosen from the Find By drop-down list.
Required
Clicking this checkbox ensures that the browser will not continue with the steps until this element has been met.
To create an Action for the browser to perform on the selected Element, click Add Another Action.
Table 17. Add Another Action Menu FieldsField
Expected Value(s)
Text
The text that should be entered into the chosen Element. This text should be entered as an expression (may contain interpolation expressions, or tokens)
Password
The password that should be given to the chosen element.
Note
This password can be entered as tokens (e.g.
%session.password%or%password.<LDAP Attribute>%for LDAP attributes encrypted by RapidIdentity).Plaintext attributes can be used but are NOT recommended.
Another option is to use a static password for all users accessing this app via this definition. That value would be encrypted by RapidIdentity.
Click
Click the chosen element
Checkbox
Determine whether the item should be selected as a checkbox
Select
Choose a value from a drop-down option. The option will need to be defined
Send Event
Send a JavaScript event to an element on the web page. RapidIdentity supports the common Change, Focus, and Blur events, and provides an Other type with the opportunity to define any type of arbitrary event that can be sent to the element this action is defined for
Delay
Introduce a delay in milliseconds before moving to the next action
Enable
Enable the chosen element
Click Update until you return to the main menu, then click Save to return to the Catalog. The application is now ready to use.
Create or Edit a Category
For Administrators, the All category also has a settings cog that can be used to add custom categories for application creation. Click the cog next to ALL to open the Add Category window. Users who are not Applications Administrators will not see this settings cog.
Click the Add Category icon.
Give the category an accurate name and description.
