Lifecycle Management (Fulfillment Setting) in the Cloud Administration Console

The RSA Cloud Access Service Lifecycle Management feature enables users to discover, request, and gain access to applications directly from My Page. This feature streamlines access management by aligning approval workflows with the sensitivity of each application, reducing reliance on help desks and enhancing the overall user experience.

With the Lifecycle Management feature, organizations can deliver a user-friendly, self-service model for application access, while administrators maintain control through configurable policies and automated approval.

Overview

Use the Lifecycle Management feature in the following scenarios: 

• Enable self-service access requests for different applications.

• Support approval workflows based on application sensitivity (for example, auto-approval, manager approval, application owner approval, or both).

• Reduce the workload on IT and help desk teams.

• Improve user visibility into available applications and access levels.

• View and manage users who gained access through Cloud Access Service as well as those granted access outside of it. When Fulfillment is enabled and the application is published, ID Plus automatically synchronizes all access, including users and groups granted access outside of CAS, from the application and its identity sources. This applies to both new applications with Fulfillment enabled and existing applications after their Fulfillment settings are updated and republished.
  

Note:  The Lifecycle management feature is available as an add-on for ID Plus E2 and E3 plans.

Prerequisites

Before enabling the Lifecycle Management feature, administrators need to do the following:

• Obtain LDAP Identity Sources, SCIM Endpoint, or Entra ID configuration details from the service provider to grant default access to the requested application.

• Configure Cloud Access Service - Planning Access Policies to control which users are granted access to an application by default, and which users are allowed to request access.

• In the Cloud Administration Console, ensure user attributes and roles are accurately defined and mapped. For more information, see Add, Delete, and Test the Connection for an Identity Source in Cloud Access Service.

• Configure the application in the Cloud Administration Console with an application owner. For more information, see My Page applications (for example, Add an OIDC Application).

   

Optional Lifecycle Management Features

The following are optional features for Lifecycle Management: 

• You can enable Application Roles to define roles and set conditions, providing users with attribute-based access to the application.

  Note:  If a user does not match any configured roles, they can still request access to the application. In such cases, they will receive the default access level specified in the fulfillment configuration.

• You can allow approvers to add users to roles or groups.

• You can allow approvers to assign/ unassign users to specific roles or groups via My Page during active requests. For more information, see Manage My Applications

   

How Lifecycle Management Works

When users log in to My Page, they can request access to an application in the App Catalog that they do not already have access to. Based on the application's Fulfillment configuration, the request is either:

• Auto-approved

• Sent for manager approval

• Sent for application owner approval

• Requires both manager and application owner approvals

Once the request is approved, users can access the application according to their assigned access level.