I am going to be starting to on board a lot of apps but do not fully understand what the differences are between the types of data to collect. Does anyone have a guide or any documentation which explains this part of the process?
Not sure to which section you refer exactly, but here is my understanding
To simplify things, some applications are using an authorization model similar to resource-action entitlements, and others using application roles.
What is resource action?
An example is better for understanding. If you have a door (resource) you have possible set of actions you can perform on it. Like: open, close, lock
In that case, possible entitlements you can assign to an account are:
What is application role?
An application role can be considered as aggregation of several entitlements for the same application.
Let's take for example application (Concur) that manages expenses.
In that application you will have a Requestor app-role and Approver app role.
Requestor will have the following entitlements:
Approver will have the following entitlements:
By requesting an app role explicitly, the application (concur) will assign the associated entitlements implicitly.
For a better visibility, you can collect the approle - entitlements relationship to RSA G&L (if available)
With regards to the check boxes in your screen shot.
When you choose accounts, you will be able to collect approles/entitlements which will be associated to an account.
After collection, you will see it under the Access tab for a user's record.
When you choose groups, you will be able to collect approles/entitlements which will be associated to a group.
After collection, you will see it under the Access tab for a group's record.
This is great thanks Boris!
Retrieving data ...