How to guides for Access Software

1. Create provisioning for new Software or App

1.a. I want to create a Self-Service Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  1. Update the Pretext and External links. Refer to the below example for reference.
  1. Select Provisioning Strategy = Self Service Provisioning.
  2. Update the Title & Body as per your requirements for self-servicing the software.

📘

Tip

It is best to add a self-service URL in the self-service provisioning message body.

  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.

1.b. I want to create a Group-Based Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  2. Pretexts & External links are more suited for self-service software & apps, therefore this is optional and can be skipped.
  3. Select Provisioning Strategy = Group Based Provisioning.
  4. Choose the Identity system Integration (e.g. Okta or Azure Directory) that contains the group related to this app.
  5. Input the corresponding External ID of the group that backs this role.
  1. Select the appropriate approval method for the software.
    1. Base Approval Method: These are pre-defined approval workflows. Most commonly used Base approval methods are mentioned below. You can learn more about Base Approval types [here](https://help.moveworks.com/docs/moveworks-setup-native-approval-settings
      1. AUTO_APPROVE: Here, tasks or requests are automatically approved, bypassing the need for an approving authority.
      2. APP_ADMIN: The Application Administrator's approval is necessary to carry out certain functions.
      3. MANAGER: This type of approval requires the consent of the individual's Manager.
      4. APP_ADMIN_THEN_MANAGER: A two-step approval process. First, the App Admin needs to approve. If approved, the workflow moves to require the Manager's approval.
    2. Custom Approval Method: This is more suited, if Base approval method workflows do not suffice your org’s requirements for software provisioning. Customer Approval workflows are created separately in Moveworks Native Approvals module.
  2. Select the appropriate approval type
  1. If you have selected App_Admin or App_Admin_Then_Manager, then you will be required to add the email address of the Admin to which the approval will be sent.
  1. Business justification question can be updated using below config
  1. You can update the ticketing related workflows from the following configs

    1. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
    2. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
    3. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  2. You can also update the texts to display once the software is successfully provisioned to the requester using following configs.

  1. You can add a text to display to the users if they already have access to the app using Provisioned user instructions config.
  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.


1.c. I want to create a Role-Based Provisioning Software or App

  1. Navigate to Access Software > Software Catalog.
  2. Click on “Create
  3. Input the name of the software or app.

⚠️

Important note for Software Name

Use the search input for this config to find the software/application entity you want to configure. These entity names are identifiers that are unique to Moveworks and serve our entity detection models to predict which application a user is referring to. Currently, search results will not include organization-specific entities. To configure those, contact Moveworks Support.

  1. Check the “Enable in Bot” field to enable the software. You can also do this step later.
  2. Pretexts & External links are more suited for self-service software & apps, therefore this is optional and can be skipped.
  3. Select Provisioning Strategy = Role Based Provisioning.
  4. Choose the Integration (e.g. Okta or Azure Directory) that contains the group(s) related to provisioning access for this app.
  1. If you wish to add a role
    1. Click on the + icon
    2. Add the unique role within the app
    3. Input the description so that users can determine which role is right for them
    4. Add a user-facing name for the role
    5. Add the corresponding external ID of the group that backs the role (This should be derived from the corresponding provisioning system like Okta or AD).
  1. If you wish to delete a role
    1. Click on the delete icon against the role. Please make sure, there are atleast 2 entries in the Role-based provisioning.
    2. If you wish to update a role, simply change the canonical role name, description, user-facing name or external ID as per needs.
    3. You can add a hint text, that a user can use to decide which role would suit them the best. Note this is an optional field and can be left blank.
  2. Select the appropriate approval method for the software.
    1. Base Approval Method: These are pre-defined approval workflows. Most commonly used Base approval methods are mentioned below. You can learn more about Base Approval types [here](https://help.moveworks.com/docs/moveworks-setup-native-approval-settings
    2. AUTO_APPROVE: Here, tasks or requests are automatically approved, bypassing the need for an approving authority.
    3. APP_ADMIN: The Application Administrator's approval is necessary to carry out certain functions.
    4. MANAGER: This type of approval requires the consent of the individual's Manager.
    5. APP_ADMIN_THEN_MANAGER: A two-step approval process. First, the App Admin needs to approve. If approved, the workflow moves to require the Manager's approval.
  3. Custom Approval Method: This is more suited, if Base approval method workflows do not suffice your org’s requirements for software provisioning. Customer Approval workflows are created separately in Moveworks Native Approvals module.
  4. Select the appropriate approval type

  1. If you have selected Add_Admin or Add_Admin_Then_Manager, then you will be required to add the email address of the Admin to which the approval will be sent.
  1. Business justification question can be updated using below config
  2. You can update the ticketing related workflows from the following configs
    1. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
    2. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
    3. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  3. You can also update the texts to display once the software is successfully provisioned to the requester using following configs.
  1. You can add a text to display to the users if they already have access to the app using Provisioned user instructions config.
  1. Submit the changes.
  2. Once you submit the changes, you can see a new software catalog entry present in the home screen of Access Software module.

2. Managing already provisioned softwares

Self Service Provisioning use-cases

I want to update self-service instructions for the software or app

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the self-service instructions.
  3. Ensure you have provisioning strategy selected as Self Service provisioning
  4. Update the Title & Body as per your requirements for self-servicing the software. Tip: It is best to add a self-service URL in the self-service provisioning message body.

I want to update pretext & external links related to the app

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the pretext and external links related to the app.
  3. Ensure you have provisioning strategy selected as Self Service provisioning.
  4. Update the Pretext and External links. Refer to the below example for reference.
  1. Submit the changes.

Group-based provisioning use-cases

I want to update the External ID of the Identity system

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you update the External ID of the group.
  3. Ensure you have provisioning strategy selected as Group based provisioning
  4. Change the External ID of the group that backs the software role.
  1. Submit the changes.

Role-based provisioning use-cases

I want to add/ update roles for a software

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update roles for the software.
  3. Ensure you have provisioning strategy selected as Role based provisioning
  4. If you wish to add a role
    1. Click on the + icon
    2. Add the unique role within the app
    3. Input the description so that users can determine which role is right for them
    4. Add a user-facing name for the role
    5. Add the corresponding external ID of the group that backs the role (This should be derived from the corresponding provisioning system like Okta or AD).
  5. If you wish to delete a role
    1. Click on the delete icon against the role. Please make sure, there are atleast 2 entries in the Role-based provisioning.
  6. If you wish to update a role, simply change the canonical role name, description, user-facing name or external ID as per needs.
  7. Submit the changes.

I want to update hint to the user to indicate which role would suit them best

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update hint to the user to indicate which role would suit them best.
  3. Ensure you have provisioning strategy selected as Role based provisioning
  4. Update the hint that a user can use to decide which role would suit them the best. Note this is an optional field and can be left blank.
  5. Submit the changes.

Common use-cases

I want to enable/ disable a software or app for in-bot provisioning

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software which you want to enable or disable.
  3. Uncheck the field “Enable in Bot” if you wish to disallow provisioning of the software and vice-versa.
  1. Submit the changes.

📘

Important Note:

  1. “Enable in Bot” configuration takes precedence over Access rule.
  2. With the Access Rule configuration, admins can do a limited rollout for specific users to test the software provisioning and later turn it ON for all employees.
  3. Currently this field is not available for customers to edit. It will be made available shortly.

I want to change the provisioning system

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to change the provisioning system.
  3. Ensure you have provisioning strategy selected as Role or Group based provisioning.
  4. Click on the Integration dropdown in case of Group based provisioning. In case of Role based provisioning, click on the Role based provisioning integration ID.

📘

Note

If you are changing the provisioning system, corresponding External ID(s) should be updated in the Group or Role based provisioning configs.

  1. Submit the changes.

I want to change the approval flows

  1. Navigate to Access Software > Software Catalog.

  2. Click “Edit” corresponding to the software for which you wish to change the approval flows.

  3. Ensure you have provisioning strategy selected as Role or Group based provisioning as Approval flows are applicable only for these provision types.

  4. Case 1: If Approval method = Base approval

    1. Click on the base approval model dropdown and select the desired approval type.

    2. If you are changing the base approval model to App_Admin or App_Admin_then_Manager, you will be required to input the Admin email in the config field.

    1. For more details about different base approval models, refer this help page.
  5. Case 2: If Approval method = Custom approval

    1. Click on the custom approval model dropdown and select the desired approval type.

    2. If your desired custom approval model is not present and needs to be created afresh, you will be required to created a custom approval flow in Moveworks Native Approvals first and then update here.

  6. Submit the changes.

I want to update provisioning related messages & questions

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update provisioning related messages & questions
  3. Updating Business justification text/ question
    Business justification question can be updated using below config (depending upon which provisioning type, you are opting for).
  1. Updating Post-provisioning message
    Provisioning message can be updated using following configs.
  1. Updating message for the user when software is already provisioned
    This can be changed by updating the provisioned user instructions config.
  1. Submit the changes.

I want to update ticketing related workflows

  1. Navigate to Access Software > Software Catalog.
  2. Click “Edit” corresponding to the software for which you wish to update the ticketing related workflows
  3. Disable provisioning: If checked, we will not provision the app to the user, even if their request is approved.
  4. Disable ticket closure: If checked, we will leave the ticket open after the app is successfully provisioned so the support agent can manually take further actions.
  5. Define or Update assignment of the ticket: You can either assign the ticket to a user or to an assignment group. For that, select the appropriate ticket assignee and input the details (External ID of the user in case of specific user; Assignment Group name in case of Assignment Group.
  6. Submit the changes.