Applications

4min

An application links together Policies with a Provider, allowing you to control access. It also holds Information like UI Name, Icon and more.
Authorization
To configure access to applications, you can use Policy Bindings. You can access this feature by selecting an application from the applications list and clicking on the Policy/Group/User Bindings tab. If no users, groups, or policies are bound, then everyone has access to the application. By binding users, groups, or policies, you can grant specific access to selected individuals or dynamically grant access through policies.
When multiple policies/groups/users are attached, the Policy engine mode can be configured in order to:
Require users to pass all bindings/be member of all groups (ALL), or
Require users to pass either binding/be member of either group (ANY)
Appearance
Kubeark alloes for customizable parameters. The following aspects can be configured:
Name: the name of the application displayed on the application card
Launch URL: the URL that the user is directed to when clicking on the application card, which can be left empty or filled with placeholders for dynamic construction of the URL based on logged-in user
Icon (URL): an optional icon URL for the application that can be entered as an absolute URL if no volume is mounted under /media, or uploaded if a mount exists under /media
Publisher: the text shown below the application card indicating the publisher of the application
Description: subtext displayed on the application card under the publisher information, providing additional details about the application.
Applications are displayed in the following scenarios:
The user has access defined via policies (or the application has no policies bound)
A Valid Launch URL is configured/could be guessed. This consists of URLs starting with http:// and https://
Hiding applications
Launch URLs
To hide applications without modifying policy settings and without removing it, you can simply set the Launch URL to blank://blank, which will hide the application from users.
Keep in mind, the users still have access, so they can still authorize access when the login process is started from the application.
To give users direct links to applications, you can use URLs such ashttps://kubeark.company/application/launch/<slug>/. This will redirect the user directly if they're already logged in, and otherwise authenticate the user, and then forward them.
﻿

Updated 19 Apr 2024

Did this page help you?

Core concepts

Certificates