Step 24: Grant internal users access to the app (tutorial)
In this step, we'll grant some of our internal users access to our app.
Grant access to the autogenerated internal group
NIM autogenerates an internal group for each app. We need to grant the autogenerated group access to our app.
In the app designer, go to the Access tab of the App_AD_User_Create app.
All users and groups in the internal NIM system are displayed here.
Click the header of the Type column to sort the Access pane by type.
All groups in the internal system are brought to the top of the list. Currently, only the Administrators group has access to this app. However, as we can see, there is an autogenerated group available that corresponds to this app (nga_App_AD_User_Create).
We'll enable the checkbox for the nga_App_AD_User_Create group. Now, all users in this group will be able to access this app.
Click Save.
Put users in the autogenerated internal group
Now that the autogenerated group has access to the app, we need to put some users into the group.
Create a filter named
internal_GroupMemberships_App_AD_User_Create
.We'll configure the filter to get all employees in the EN_CO (Helpdesk) department who have an internal user account (26 total):
Go to the internal system's groups table, and copy the ID of the nga_App_AD_User_Create group (in this case,
100000001
) to a local text editor.Create a mapping with the following values:
System: internal
Target: memberships
Function: membership_create
Name: internal_membership_create_App_AD_User_Create_dept_EN_CO
For the mapping's Filter, select the internal_GroupMemberships_App_AD_User_Create filter we just created.
We'll map the following attributes:
Attribute
Source
Value Specification
AccountID
filter
ID
GroupID
constant
100000001
Click Save.
We'll create a new job named internal, and add this mapping to it.
We'll create a new sync scheduler also named internal, and add the internal job to it.
We'll manually run this scheduler.
The 26 internal users are now members of the nga_App_AD_User_Create group, and therefore now have access to the App_AD_User_Create app.
To verify this, we'll check the memberships table of the internal system. The memberships were successfully created.
We can also verify the same thing on the Access tab of the app.
Next: Step 25: Production test