Enabling Zilla Applications and Permissions

You can configure Zilla so that access to applications and permissions can be requested through your ticketing system portal.

This article covers the following topics:

1 Prerequisites
2 Enabling Requests for Applications
- 2.1 Option 1: Configure Applications
- 2.2 Option 2: Application Profile
3 Specifying the Approval Assignment Workflow
4 Specifying the Fulfillment Method
- 4.1 Editing Permissions Request and Fulfillment Capabilities

Prerequisites

Admin or application owner permissions in Zilla
Provisioning is enabled in your Zilla tenant

Enabling Requests for Applications

You can specify which applications are available for requests in two ways.

Option 1: Configure Applications

Expand the Provisioning menu item on the left side of the page and click Configure Applications.
You can edit the applications individually to allow or prevent apps from being requested or use the Take Action dropdown to update all of the applications in bulk.

Option 2: Application Profile

Click the Applications menu item on the left side of the page and click on the desired app.
Click the Profile tab and click Edit in the Access Request Summary section.
Enable the application for access requests, set the approval assignment workflow and specify the default fulfillment method for the application.

Specifying the Approval Assignment Workflow

Zilla automates the approval assignment for access requests, and you can select which approval assignment workflow is used for each application.

Business Owner: The Business Owner of the requested application is assigned to the request ticket for review and approval.
Supervisor: The Supervisor of the user for whom the access is being requested is assigned to the request ticket for review and approval.
Supervisor & Business Owner: Both the Supervisor of the user for whom the access is being requested and the Business Owner of the application are assigned to the request ticket for review and approval.
Permission or Resource Owner: If an owner is assigned to the permission, they are assigned to the request ticket for review and approval. If this option is selected and no permission owner is available, then the Business Owner of the application is assigned to the request ticket for review and approval.

Specifying the Fulfillment Method

A fulfillment method can be selected to specify how application accounts and permissions are granted for the user.

Auto-API: This option is available for applications with direct API connections that are enabled for provisioning. If selected, all permissions can initially be requested and will be fulfilled using the API, but these settings can be adjusted at the individual permission level.
Auto-IdP: This option is available for applications that use and are provisioned through your Identity Provider (for example, Okta, Azure Active Directory/Entra ID). If selected, all group permissions can initially be requested and are available for association with the Identity Provider’s respective group. These settings can be adjusted at the individual permission level.
- Note: Identity Providers (IdPs) are only available for selection if they can be requested and configured with API provisioning.
Service Desk: This option is available for applications that follow a manual process for granting access and are assigned to the Service Desk for fulfillment.

Editing Permissions Request and Fulfillment Capabilities

Individual permissions (for example, permissions, groups, roles, etc.) within applications can be enabled or disabled for requests. Permissions enabled for requests will be available on the request form and portal. The fulfillment method for the permission specifies if the Service Desk provisions the access or if automated provisioning is used either with API connectivity or through the Identity Provider.

Auto-API: Applications using native API and enabled for provisioning can directly fulfill requests for permissions. The fulfillment method for a permission can also be set to Service Desk so that a user can take action.

Auto-IdP: Applications that are configured to provision and provide access through your Identity Provider can have the permissions assigned to a corresponding Identity Provider group that provisions the access.

Service Desk: Applications that are configured with this method can provision access through a Service Desk interaction.