Applications
An application links together Policies with a Provider, allowing you to control access. It also holds Information like UI Name, Icon and more.
To configure access to applications, you can use Policy Bindings. You can access this feature by selecting an application from the applications list and clicking on the Policy/Group/User Bindings tab. If no users, groups, or policies are bound, then everyone has access to the application. By binding users, groups, or policies, you can grant specific access to selected individuals or dynamically grant access through policies.
When multiple policies/groups/users are attached, the Policy engine mode can be configured in order to:
- Require users to pass all bindings/be member of all groups (ALL), or
- Require users to pass either binding/be member of either group (ANY)
Kubeark alloes for customizable parameters. The following aspects can be configured:
- Name: the name of the application displayed on the application card
- Launch URL: the URL that the user is directed to when clicking on the application card, which can be left empty or filled with placeholders for dynamic construction of the URL based on logged-in user
- Icon (URL): an optional icon URL for the application that can be entered as an absolute URL if no volume is mounted under /media, or uploaded if a mount exists under /media
- Publisher: the text shown below the application card indicating the publisher of the application
- Description: subtext displayed on the application card under the publisher information, providing additional details about the application.
Applications are displayed in the following scenarios:
- The user has access defined via policies (or the application has no policies bound)
- A Valid Launch URL is configured/could be guessed. This consists of URLs starting with http:// and https://
To hide applications without modifying policy settings and without removing it, you can simply set the Launch URL to blank://blank, which will hide the application from users.
Keep in mind, the users still have access, so they can still authorize access when the login process is started from the application.