Managing Tags
You can use tags to manage clientless access for a set of applications. Tags enable administrators to categorize resources by purpose, owner, environment, or other criteria.
Tags can help to:
-
Manage access at scale - easily manage access to hundreds of servers with a few clicks.
-
Manage access to dynamic services - together with resource discovery, you can manage access to services as they are shut down and set up dynamically.
-
Organize user portal - bundle applications together to a folder, for easier access by the end users.
Inspired by AWS Tagging Best Practices, each tag consists of a Key and Value pair:
-
Key: Determines the method of the application grouping. Examples for commonly used keys are Environment, Cluster
Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., Group, Data center, etc. Each key holds a designated color to help you navigate.
-
Value: Tag value is the application group name, based on the key. For example, values for the Environment key can be Production, Dev, and Staging.
From an end-user perspective, tags can be translated to folders in the User App Portal. Hence, users can view all the applications assigned to a specific tag in a designated folder in their portal.
Manage Tags with Harmony Connect Application-Level
You can add and populate tags with two methods:
-
Resource Discovery - The AWS Discovery allows administrators to automatically fetch AWS tags and instances, and create a continuous sync.
-
Locally - Create tags by defining keys and values, populate them with applications, and assign them to groups.
To manage tags locally:
-
Click the Edit Keys option in the Tags page to add keys to the system. This window allows you to add new keys, edit, and delete existing keys.
-
Click the Add Tag button to create tags and assign values to the keys you created.
-
Click Save.
-
Managing Local Groups
Group assignment to an application can be done in two ways:
-
Directly: the group is matched to an application.
-
Through tag: the group is assigned to a tag that contains the application.
This can be done:
Hence, a user can be assigned to an application through multiple sources (directly / tags), you can view it in the access permissions tab.
Note - You can only unassign the user directly / through tag, based on the assignment type.
Folders
You can choose to display a tag as a folder in the portal by marking the selection box when adding a tag. This can be edited at any given time. The behavior is based on the way the user is assigned to the application:
-
Directly - Application appears in the general portal page.
-
Through a tag (non-folder) - Application appears in the general portal page.
-
Through a tag (folder) - Application appears inside the tag folder.
If a user is assigned through multiple sources, the application appears in several folders or in both a folder and the general portal page.