Application based user management

That is the default way of doing it and covered in tutorials and trainings.

Thank you,

I've already looked at a couple of tutorials without finding that default way, I guess I'll dig some more.

When you create a new app using the wizard, you will get these exact groups created. Then use them to secure your design objects.

Yes, that part is understood 

What I do not know is, how to assign users (not known during design time) to this role. I imagine such a process:

• Landing Page
  • Log In (if known user)
  • Apply for registration (new user)
    This triggers a process for the admin role to authorize this new user for a log-in or in other words, to assign this user (who is basically a row/record type in the database) to this normal user role...
• Secured part of the application
  • the "normal stuff" done with the basic role model

Our clients typically use a active directory to implement access management.

To login to Appian, you need to have an existing account. That "new user" scenario does not work, letting an Appian Portal aside.

Now, your landing page could be visible to everybody. Any user that is not in your app's user group just sees some form to apply for access.

Our clients typically use a active directory to implement access management.

To login to Appian, you need to have an existing account. That "new user" scenario does not work, letting an Appian Portal aside.

Now, your landing page could be visible to everybody. Any user that is not in your app's user group just sees some form to apply for access.

I do not mean the user to log into Appian but into an application built with Appian.

That is no difference.

So this means, there is no way to use an appian built application without having an appian user. That clarifies things - thank you :)

The only exception is Appian Portals. These allow anonymous access in a very restricted environment.

docs.appian.com/.../portals-home.html