Last week, we talked about how to install the Flexera App Portal. This week we are going to talk about how to configure it once it is installed. There are several configuration tasks, which must be completed before we can actually add anything to our catalog.
Assigning Permissions
The first thing we must do is assign administrative users to our site. To do this, click on Site Management, then Admin Security. Now, select “Add User / Group”. Now type a user or group name in the search box, and press Search. Select the appropriate user, and then assign the appropriate rights in the lower portion of the box. To make a user or group a full administrator, add “Read / Write / Delete” to all options, as shown here:
After the account is added, you are presented with a slider that can be used in the future to modify permissions.
If you click through all of the tabs, you will see that the account you added is on every tab with the “Read / Write / Delete” setting.
Those settings were for the overall site. Now we need to add rights to the catalog. Select “Catalog Security” in the left pane, then “Add User / Group”.
The only confusing right here may be “Manage All Requests”. By granting “Remove” rights, you are also granting “Modify” rights.
I recommend using an AD group to assign your administrator access. I would also recommend making any user who has the “Full Administrator” security role, “Application Administrator” security role, or “Application Deployment Manager” security role in SCCM as an administrator in App Portal. This will make processing and approving application requests through App Portal must simpler.
Settings
Now we need to look at the Settings tab. Two very important settings exist on the first page. The first one is “Enable Site”. When this box is not checked, only administrators can log into the site. A user will be presented a page that says that the site is disabled.
Next, the “User / Computer relationship” options are very important. I recommend changing this option to “User Device Affinity”. When set to this, App Portal will use the primary user for the device to define its relationship. This is only available in CM 2012. If you still use SCCM 2007, I would leave it set to last logon user. The second option, “Use SCCM Primary Console Usage”, defines the relationship by using the SCCM 2007 feature of tracking the login duration to define the primary user. The third option, “User AD Computer Managed By”, assigns the relationship based on the “ManagedBy” AD attribute. If this setting is used, you must make SCCM discover this AD attribute.
Web Site Tab
Next, lets move to the web site tab. On the first subtab, we have a lot of options. The first one to focus on is “Licensed Collection”. If you specify a collection here, only those devices will be able to use App Portal. This is a good way to control your App Portal license if your entire organization does not need App Portal. The “Exclude Collection” option is just the opposite – it will prevent those devices from using App Portal while allowing the rest.
Two more settings to pay attention to are the Site Title (the title of site presented to users) and Computer Discovery Method (how App Portal finds devices). Modify these as you see fit.
We will come back to this page later to define our default workflow, default workflow group, and default category.
Next, you can define catalog appearance and behavior by using the next two subtabs. Set these settings as you see fit for your organization.
SCCM and Active Directory Tabs
The SCCM and Active Directory tabs are used to define your SCCM and AD settings. The items in these tabs define how App Portal interacts with SCCM and AD. You should only need to modify these settings if your SCCM server changes or something about AD changes. One thing to pay careful attention to is the account settings in the AD tab. Make sure to leave the username / password options blank if you are using the application service account to connect to AD. These settings are used to specify a service account to handle AD communication.
The remaining tabs for Settings are all organization based, so I will not be going into much detail on them. Set them according to your organization’s requirements.
Be sure to come back next week for more about the Flexera App Portal.