How To Guides for Access Software Plugin

How To Create a New Software or App for Provisioning

Creating a Self-Service Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  1. Update the Pretext and External links. Refer to the below example for reference.
  1. Select Provisioning Strategy = Self Service Provisioning.
  2. Update the Title & Body as per your requirements for self-servicing the software.

📘

Tip

It is best to add a self-service URL in the self-service provisioning message body.

  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.

Creating a Group-Based Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  2. Pretexts & External links are more suited for self-service software & apps, therefore this is optional and can be skipped.
  3. Select Provisioning Strategy = Group Based Provisioning.
  4. Choose the Identity system Integration (e.g. Okta or Azure Directory) that contains the group related to this app.
  5. Input the corresponding External ID of the group that backs this role.
  1. Select the appropriate approval method for the software.
    1. Base Approval Method: These are pre-defined approval workflows. Most commonly used Base approval methods are mentioned below. You can learn more about Base Approval types [here](https://help.moveworks.com/docs/moveworks-setup-native-approval-settings
      1. AUTO_APPROVE: Here, tasks or requests are automatically approved, bypassing the need for an approving authority.
      2. APP_ADMIN: The Application Administrator's approval is necessary to carry out certain functions.
      3. MANAGER: This type of approval requires the consent of the individual's Manager.
      4. APP_ADMIN_THEN_MANAGER: A two-step approval process. First, the App Admin needs to approve. If approved, the workflow moves to require the Manager's approval.
    2. Custom Approval Method: This is more suited, if Base approval method workflows do not suffice your org’s requirements for software provisioning. Customer Approval workflows are created separately in Moveworks Native Approvals module.
  2. Select the appropriate approval type
  1. If you have selected App_Admin or App_Admin_Then_Manager, then you will be required to add the email address of the Admin to which the approval will be sent.
  1. Business justification question can be updated using below config
  1. You can update the ticketing related workflows from the following configs

    1. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
    2. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
    3. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  2. You can also update the texts to display once the software is successfully provisioned to the requester using following configs.

  1. You can add a text to display to the users if they already have access to the app using Provisioned user instructions config.
  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.

Creating a Role-Based Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  2. Pretexts & External links are more suited for self-service software & apps, therefore this is optional and can be skipped.
  3. Select Provisioning Strategy = Role Based Provisioning.
  4. Choose the Integration (e.g. Okta or Azure Directory) that contains the group(s) related to provisioning access for this app.
  1. Now we need to define the different roles for the software to be provisioned with, This is defined in the Role Based Provisioning Roles section :
    1. To add a new Role, Click on the + icon
    2. Add the Unique Role Name which exists within the App.
    3. Next we input the Description so that users can determine which role is right for them
    4. Add a user-facing name for the role, so its easily identifiable.
    5. Finally we need to add the corresponding External ID of the group that backs the role (This should be derived from the corresponding provisioning system like Okta or AD).
  1. If you wish to delete a role

    1. Click on the delete icon against the role. Please make sure, there are atleast 2 entries in the Role-based provisioning.
    2. If you wish to update a role, simply change the canonical role name, description, user-facing name or external ID as per needs.
    3. You can add a hint text, that a user can use to decide which role would suit them the best. Note this is an optional field and can be left blank.
  2. We also need to define the Type of the role that will be provisioned.There are 4 kinds of Types which can be selected.

    1. ROLE - Default ROLE type which is assigned to the user when requesting App or Software

    2. ENVIRONMENT - An Environment level role which might exist for the App or Software

    3. LICENSE - A License Based role which is associated with the App or Software

    4. VERSION - A version based role which is associated with the App or Software

    5. UNKNOWN - This is picked when the user is unsure about the Type of the role being provisioned.

📘

The Type config does not influence any changes in the AI Assistant behaviour with the user when requesting software

This control is used in the Ticket which is filed when the user requests for a Software or Application. Depending on the Type of Role selected the AI Assistant will add a Worknote to the filed ticket which will include this information.

  1. Select the appropriate approval method for the software.
    1. Base Approval Method: These are pre-defined approval workflows. Most commonly used Base approval methods are mentioned below. You can learn more about Base Approval types [here](https://help.moveworks.com/docs/moveworks-setup-native-approval-settings
    2. AUTO_APPROVE: Here, tasks or requests are automatically approved, bypassing the need for an approving authority.
    3. APP_ADMIN: The Application Administrator's approval is necessary to carry out certain functions.
    4. MANAGER: This type of approval requires the consent of the individual's Manager.
    5. APP_ADMIN_THEN_MANAGER: A two-step approval process. First, the App Admin needs to approve. If approved, the workflow moves to require the Manager's approval.
  2. Custom Approval Method: This is more suited, if Base approval method workflows do not suffice your org’s requirements for software provisioning. Customer Approval workflows are created separately in Moveworks Native Approvals module.
  3. Select the appropriate approval type
  1. If you have selected Add_Admin or Add_Admin_Then_Manager, then you will be required to add the email address of the Admin to which the approval will be sent.
  1. Business justification question can be updated using below config
  2. You can update the ticketing related workflows from the following configs
    1. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
    2. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
    3. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  3. You can also update the texts to display once the software is successfully provisioned to the requester using following configs.
  1. You can add a text to display to the users if they already have access to the app using Provisioned user instructions config.
  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.

How To Manage already Provisioned Softwares

Self Service provisioning use-cases

Updating Self-Service instructions for the Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the self-service instructions.
  3. Ensure you have provisioning strategy selected as Self Service provisioning
  4. Update the Title & Body as per your requirements for self-servicing the software. Tip: It is best to add a self-service URL in the self-service provisioning message body.

Updating Pretext & External links related to the app

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the pretext and external links related to the app.
  3. Ensure you have provisioning strategy selected as Self Service provisioning.
  4. Update the Pretext and External links. Refer to the below example for reference.
  1. Submit the changes.

Group-based provisioning use-cases

Updating the External ID of the Identity system

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the External ID of the group.
  3. Ensure you have provisioning strategy selected as Group based provisioning
  4. Change the External ID of the group that backs the software role.
  1. Submit the changes.

Role-based provisioning use-cases

Adding or Updating Roles for a Software Catalog

  1. Navigate to Access Software > Software Catalog.

  2. Click “Edit” corresponding to the software for which you wish to update roles for the software.

  3. Ensure you have provisioning strategy selected as Role based provisioning

  4. Now we need to define the different roles for the software to be provisioned with, This is defined in the Role Based Provisioning Roles section :

    1. To add a new Role, Click on the + icon

    2. Add the Unique Role Name which exists within the App.

    3. Next we input the Description so that users can determine which role is right for them

    4. Add a user-facing name for the role, so its easily identifiable.

    5. Finally we need to add the corresponding External ID of the group that backs the role (This should be derived from the corresponding provisioning system like Okta or AD).

  5. If you wish to delete a role

    1. Click on the delete icon against the role. Please make sure, there are atleast 2 entries in the Role-based provisioning.
  6. If you wish to update a role, simply change the canonical role name, description, user-facing name or external ID as per needs.

  7. Submit the changes.

Update Hint to the user to indicate which role would suit them best

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update hint to the user to indicate which role would suit them best.
  3. Ensure you have provisioning strategy selected as Role based provisioning
  4. Update the hint that a user can use to decide which role would suit them the best. Note this is an optional field and can be left blank.
  5. Submit the changes.

Common use-cases

I want to enable/ disable a software or app for in-bot provisioning

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software which you want to enable or disable.
  3. Uncheck the field “Enable in Bot” if you wish to disallow provisioning of the software and vice-versa.
  1. Submit the changes.

📘

Important Note:

  1. “Enable in Bot” configuration takes precedence over Access rule.
  2. With the Access Rule configuration, admins can do a limited rollout for specific users to test the software provisioning and later turn it ON for all employees.
  3. Currently this field is not available for customers to edit. It will be made available shortly.

I want to change the provisioning system

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to change the provisioning system.
  3. Ensure you have provisioning strategy selected as Role or Group based provisioning.
  4. Click on the Integration dropdown in case of Group based provisioning. In case of Role based provisioning, click on the Role based provisioning integration ID.

📘

Note

If you are changing the provisioning system, corresponding External ID(s) should be updated in the Group or Role based provisioning configs.

  1. Submit the changes.

I want to change the approval flows

  1. Navigate to Access Software > Software Catalog.

  2. Click “Edit” corresponding to the software for which you wish to change the approval flows.

  3. Ensure you have provisioning strategy selected as Role or Group based provisioning as Approval flows are applicable only for these provision types.

  4. Case 1: If Approval method = Base approval

    1. Click on the base approval model dropdown and select the desired approval type.

    2. If you are changing the base approval model to App_Admin or App_Admin_then_Manager, you will be required to input the Admin email in the config field.

    1. For more details about different base approval models, refer this help page.
  5. Case 2: If Approval method = Custom approval

    1. Click on the custom approval model dropdown and select the desired approval type.

    2. If your desired custom approval model is not present and needs to be created afresh, you will be required to created a custom approval flow in Moveworks Native Approvals first and then update here.

  6. Submit the changes.

I want to update provisioning related messages & questions

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update provisioning related messages & questions
  3. Updating Business justification text/ question
    Business justification question can be updated using below config (depending upon which provisioning type, you are opting for).
  1. Updating Post-provisioning message
    Provisioning message can be updated using following configs.
  1. Updating message for the user when software is already provisioned
    This can be changed by updating the provisioned user instructions config.
  1. Submit the changes.

I want to update ticketing related workflows

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update the ticketing related workflows
  3. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
  4. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
  5. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  6. Submit the changes.