In yesterday’s article, we looked at SaaS application integration into the enterprise with seamless user access to those applications. A key thing that we demonstrated was the single sign-on experience for the user. The SSO experience occurs when the user already has an account on the application, and OpenCloud Access is able to associate the application account to the user’s enterprise directory account.

What happens if the user doesn’t already have an account on the external SaaS or cloud application – you ask? Glad you did…

There are a couple of ways we can make external account creation extremely simple from an enterprise operations perspective. One would be to extend existing directory rules and policies – so OpenCloud Access can use that to create external application accounts, based on a directory user’s group association or attribute setting (see below)

A more powerful way is to use OpenCloud Access’s workflow management capabilities. The application in question can be associated to a customized workflow – which shows the application with a “request” action on the Citrix Receiver. Clicking that button sends out emails – and depending on the workflow’s configuration, emails are sent to the user’s manager, the departmental manager, the IT admin etc (approval hierarchy and levels, mandatory vs. optional approval – depend on the nature of the app itself, which can be defined within the workflow) Clicking links within those emails allows the approvers to sign-off on the request, which immediately allows OpenCloud Access to create the external user account, with appropriate account privileges. A quick capture of this process is shown below.

After the approval – the user is able to access the application without needing any new credentials. The entire account creation process, authorization settings etc are automated, with minimal manual intervention – leading to faster app access. It’s easy to imagine how you could tie this process up with all applications, not just external, but internal to the enterprise as well, which would make new employee onboarding a piece of cake. Simply create the new employee’s directory account, and let OpenCloud Access take care of every application account creation and management from that point on. Now wouldn’t that speed things up…..

If you are going to be at San Francisco for Synergy 2011, don’t forget to attend the SaaS Identity Management session, for more on this topic.

Register here for Synergy 2011