How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I add and update applications in the AM (All versions) Dashboard Service using ssoadm?

Last updated Apr 13, 2021

The purpose of this article is to provide information on adding and updating applications in the AM Dashboard Service using ssoadm. The default applications are Google®, SalesForce® and Zendesk®. This article also includes information on assigning applications to realms and users using ssoadm.


Updating existing applications

You can check the configuration for an existing application using the ssoadm get-sub-cfg command. For example, to check the configuration for the default Google application:

  • AM 7 and later: $ ./ssoadm get-sub-cfg -s dashboardService -g Google -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt
  • Pre-AM 7: $ ./ssoadm get-sub-cfg -s dashboardService -g Google -u amadmin -f pwd.txt

Example response:

dashboardLogin=http://www.google.com dashboardIcon=images/logos/googleplus.png dashboardClassName=SAML2ApplicationClass ICFIdentifier=idm magic 34 dashboardDisplayName=Google dashboardName=Google Sub Configuration DashboardService was retrieved.

Once you know what the current configuration is, you can update the application's configuration using the ssoadm set-sub-cfg command. For example, to change the name displayed on the dashboard for the Google application:

  • AM 7 and later: $ ./ssoadm set-sub-cfg -s dashboardService -g Google -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -o set -a dashboardDisplayName="Google Apps"
  • Pre-AM 7: $ ./ssoadm set-sub-cfg -s dashboardService -g Google -u amadmin -f pwd.txt -o set -a dashboardDisplayName="Google Apps"

See Reference › Dashboard for further information on the available options.

Adding new applications

You can create new applications using the ssoadm create-sub-cfg command. You can exclude the ICFIdentifier attribute as it is not required (although it is added by default if you add the application via the console).

Example

This example demonstrates creating an application for Google Mail; you should ensure the logo you want to use exists in the directory specified (dashboardIcon):

  1. Create a data file (called DATA_FILE to match the next command) with the following contents: dashboardLogin=https://mail.google.com/mail dashboardIcon=images/logos/googlemail.png dashboardClassName=SAML2ApplicationClass dashboardDisplayName="Google Mail" dashboardName=GoogleMail
  2. Enter the following command:
    • AM 7 and later: $ ./ssoadm create-sub-cfg -s dashboardService -g dashboardApp -b GoogleMail -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -D DATA_FILE
    • Pre-AM 7: $ ./ssoadm create-sub-cfg -s dashboardService -g dashboardApp -b GoogleMail -u amadmin -f pwd.txt -D DATA_FILE

Assigning applications to realms and users

Once you have configured your applications, you need to make them available in selected realms and/or to selected users.

Realms

For example, to make the Google and Zendesk applications available in the top level realm:

  • AM 7 and later: $ ./ssoadm set-svc-attrs -s dashboardService -e / -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -a assignedDashboard=Google assignedDashboard=Zendesk
  • Pre-AM 7: $ ./ssoadm set-svc-attrs -s dashboardService -e / -u amadmin -f pwd.txt -a assignedDashboard=Google assignedDashboard=Zendesk

This command overwrites any existing applications that are available in the realm; if you already have applications available in the realm, you must include both the new and existing applications in this command.

Note

You may need to add the dashboardService if it is not assigned to the realm. You can do this by replacing set-svc-attrs in the above ssoadm command with add-svc-realm.

Users

For example, to make the Google application available to the demo user:

  • AM 7 and later: $ ./ssoadm set-identity-svc-attrs -s dashboardService -e / -t User -i demo -u uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org -f pwd.txt -a assignedDashboard=Google
  • Pre-AM 7: $ ./ssoadm set-identity-svc-attrs -s dashboardService -e / -t User -i demo -u amadmin -f pwd.txt -a assignedDashboard=Google

This command overwrites any existing applications that are available to the user; if you already have applications available to the user, you must include both the new and existing applications in this command.

Note

You may need to add the dashboardService if it is not assigned to the user. You can do this by replacing set-identity-svc-attrs in the above ssoadm command with add-svc-identity

See Also

FAQ: Installing and using ssoadm in AM

Setup Guide › Dashboards

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.