Identity Management

Appian Max Team — Tue, 23 Apr 2024 13:14:17 GMT

Current Revision posted to Guide by Appian Max Team on 4/23/2024 1:14:17 PM

There are several questions you need to answer before determining how users will access the system:

How will new users be created?
How will existing users’ profiles be updated?
How will users who should no longer have access to the system be deactivated?
How will users’ roles and group memberships be updated over time?

The following sections provide different methods to answer these questions.

User Management

Below are the four most common user management methods.

Method Description
Manual user management	This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.
Create new users and update user attributes upon sign-in	When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian has the ability to create new user accounts on first login as well as update user attributes upon sign-in. User deactivation with these methods is handled based on the user inactivity. Idle User Deactivation Duration can be set and managed via the Admin Console.
LDAP synchronization	This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.
Process-based creation and update	You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists. The Add User Smart Service can be used in process to create new users.

Group and Group Membership Management

In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.

Method Description
Manual group management	This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information. Additionally, these activities could be delegated to individual group administrators, or business units to manage using User and Group Management Application.
Rule-based group membership management	This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.
Synchronize a user’s groups upon sign-in	When using OpenID Connect, PIEE, or SAML, Appian has the ability to synchronize a user's group membership upon sign-in.
LDAP synchronization	If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.
Process-based management	If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management. The Add Group Members and Remove Group Members smart services can be added in process to help manage your memberships. See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.

Tags: Delivery, Architecture

Identity Management

joel.larin — Tue, 31 Oct 2023 18:06:33 GMT

Revision 3 posted to Guide by joel.larin on 10/31/2023 6:06:33 PM

There are several questions you need to answer before determining how users will access the system:

How will new users be created?
How will existing users’ profiles be updated?
How will users who should no longer have access to the system be deactivated?
How will users’ roles and group memberships be updated over time?

The following sections provide different methods to answer these questions.

User Management

Below are the four most common user management methods.

Method Description
Manual user management	This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.
Create new users and update user attributes upon sign-in	When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian has the ability to create new user accounts on first login as well as update user attributes upon sign-in. User deactivation with these methods is handled based on the user inactivity. Idle User Deactivation Duration can be set and managed via the Admin Console.
LDAP synchronization	This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.
Process-based creation and update	You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists. The Add User Smart Service can be used in process to create new users.

Group and Group Membership Management

In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.

Method Description
Manual group management	This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information. Additionally, these activities could be delegated to individual group administrators, or business units to manage using User and Group Management Application.
Rule-based group membership management	This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.
Synchronize a user’s groups upon sign-in	When using OpenID Connect, PIEE, or SAML, Appian has the ability to synchronize a user's group membership upon sign-in.
LDAP synchronization	If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.
Process-based management	If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management. The Add Group Members and Remove Group Members smart services can be added in process to help manage your memberships. See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.

Tags: Delivery, Architecture

Identity Management

joel.larin — Tue, 31 Oct 2023 18:00:48 GMT

Revision 2 posted to Guide by joel.larin on 10/31/2023 6:00:48 PM

There are several questions you need to answer before determining how users will access the system:

How will new users be created?
How will existing users’ profiles be updated?
How will users who should no longer have access to the system be deactivated?
How will users’ roles and group memberships be updated over time?

The following sections provide different methods to answer these questions.

User Management

Below are the four most common user management methods.

Method Description
Manual user management	This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.
Create new users and update user attributes upon sign-in	When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian has the ability to create new user accounts on first login as well as update user attributes upon sign-in. User deactivation with these methods is handled based on the user inactivity. Idle User Deactivation Duration can be set and managed via the Admin Console.
LDAP synchronization	This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.
Process-based creation and update	You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists. The Add User Smart Service can be used in process to create new users.

Group and Group Membership Management

In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.

Method Description
Manual group management	This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information. Additionally, these activities could be delegated to individual group administrators, or business units to manage using User and Group Management Application.
Rule-based group membership management	This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.
Synchronize a user’s groups upon sign-in	When using OpenID Connect, PIEE, or SAML, Appian has the ability to synchronize a user's group membership upon sign-in.
LDAP synchronization	If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.
Process-based management	If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management. The Add Group Members and Remove Group Members smart services can be added in process to help manage your memberships. See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.

Identity Management

joel.larin — Thu, 31 Aug 2023 15:05:00 GMT

Revision 1 posted to Guide by joel.larin on 8/31/2023 3:05:00 PM

There are several questions you need to answer before determining how users will access the system:

How will new users be created?
How will existing users’ profiles be updated?
How will users who should no longer have access to the system be deactivated?
How will users’ roles and group memberships be updated over time?

The following sections provide different methods to answer these questions.

User Management

Below are the four most common user management methods.

Method Description
Manual user management	This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.
Create new users and update user attributes upon sign-in	When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian has the ability to create new user accounts on first login as well as update user attributes upon sign-in. User deactivation with these methods is handled based on the user inactivity. Idle User Deactivation Duration can be set and managed via the Admin Console.
LDAP synchronization	This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.
Process-based creation and update	You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists. The Add User Smart Service can be used in process to create new users.

Group and Group Membership Management

In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.

Method Description
Manual group management	This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information. Additionally, these activities could be delegated to individual group administrators, or business units to manage using User and Group Management Application.
Rule-based group membership management	This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.
Synchronize a user’s groups upon sign-in	When using OpenID Connect, PIEE, or SAML, Appian has the ability to synchronize a user's group membership upon sign-in.
LDAP synchronization	If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.
Process-based management	If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management. The Add Group Members and Remove Group Members smart services can be added in process to help manage your memberships. See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.