Identity Management

There are several questions you need to answer before determining how users will access the system:

  • How will new users be created?
  • How will existing users’ profiles be updated?
  • How will users who should no longer have access to the system be deactivated?
  • How will users’ roles and group memberships be updated over time?

The following sections provide different methods to answer these questions.

User Management

Below are the four most common user management methods.

Method Description

 

Manual user management

This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.

Create new users and update user attributes upon sign-in

When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian can create new user accounts on first login and update user attributes upon sign-in.

With these methods, user deactivation is based on user inactivity. The Idle User Deactivation Duration can be set and managed via the Admin Console.

LDAP synchronization

This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.

Process-based creation and update

You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists.

The Add User Smart Service can be used in a process to create new users.
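
The reconciliation step behind a process-based method, shown as an added Python sketch (not Appian code or an Appian API): it compares a CSV export with the current accounts and returns the create, update, deactivate and reactivate lists a process model would then act on. The column names, the sample data and the max_deactivate_ratio guard are assumptions made for this illustration.

```python
import csv
import io

# Constructed sample data with hypothetical column names: an authoritative
# export (for example an HR CSV) and the accounts currently in the system.
SOURCE_CSV = """username,email,active
alice,alice@example.com,true
bob,bob.new@example.com,true
dave,dave@example.com,true
erin,erin@example.com,false
frank,frank@example.com,true
"""
CURRENT_USERS = {
    "alice": {"email": "alice@example.com", "active": True},
    "bob": {"email": "bob@example.com", "active": True},
    "carol": {"email": "carol@example.com", "active": True},
    "dave": {"email": "dave@example.com", "active": False},
    "erin": {"email": "erin@example.com", "active": True},
}


def plan_user_sync(source_csv, current, max_deactivate_ratio=0.5):
    """Return sorted username lists keyed by create/update/deactivate/reactivate."""
    source = {
        row["username"].strip().lower(): row
        for row in csv.DictReader(io.StringIO(source_csv))
    }
    plan = {"create": [], "update": [], "deactivate": [], "reactivate": []}
    for name, row in source.items():
        wanted_active = row["active"].strip().lower() == "true"
        existing = current.get(name)
        if existing is None:
            if wanted_active:
                plan["create"].append(name)
            continue
        if wanted_active and not existing["active"]:
            plan["reactivate"].append(name)
        elif not wanted_active and existing["active"]:
            plan["deactivate"].append(name)
        if wanted_active and row["email"] != existing["email"]:
            plan["update"].append(name)
    # Active accounts missing from the source are leavers: deactivate them.
    plan["deactivate"] += [n for n, u in current.items()
                           if n not in source and u["active"]]
    active_now = sum(1 for u in current.values() if u["active"])
    # Guard: a truncated or empty export must not deactivate most accounts.
    if active_now and len(plan["deactivate"]) / active_now > max_deactivate_ratio:
        raise ValueError("deactivation count exceeds safety threshold")
    return {k: sorted(v) for k, v in plan.items()}
```

The guard makes the run fail closed when the source file is empty or cut short, so a bad export is investigated rather than applied.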

Group and Group Membership Management

In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.

Method Description

 

Manual group management

This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information.

Additionally, these activities can be delegated to individual group administrators or business units, who manage them using the User and Group Management Application.

Rule-based group membership management

This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.

Synchronize a user’s groups upon sign-in

When using OpenID Connect, PIEE, or SAML, Appian can synchronize a user's group membership upon sign-in.

LDAP synchronization

If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.

Process-based management

If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management.

The Add Group Members and Remove Group Members smart services can be added to a process to help manage your memberships.

See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.