When triaging your app inventory you can use the app status to record what you intend to do with each app. For apps that you plan to continue using, you can use either the "Managed" or "Accepted" states.
We recommend applying the "Managed" status to:
- Any apps that you pay for (either via a central IT budget or a departmental budget).
- Any apps which at least some of your organization's employees rely on in the course of their work.
- Your IdP(s) and any finance, contract management, HR or device management systems that you have connected to Trelica in order to import additional data or manage aspects of your IT estate.
In contrast, we recommend applying the "Accepted" status to any apps that do not incur any costs and which do not pose a security risk to your organization.
Distinguishing "Managed" apps from "Accepted" apps makes it easier to work with and prioritize your app inventory:
- For Managed apps, you can use Trelica to keep track of licenses, manage renewals, and optimize license allocations. You can also configure access policies or set up onboarding workflows to grant individuals access to apps.
- For Accepted apps, there is no need to optimize license allocations and manage renewals, but you can still use Trelica to monitor usage and ensure access to apps is revoked when people leave your organization.
You can change an app's status from the Apps inventory or from the individual app profile.
Assign owners to managed apps
We recommend that you assign an owner to each of your managed apps. You can also assign an IT admin for each app and create custom app roles. You can use app roles in workflows and when configuring access policies.
An app owner should be the person with overall responsibility for the app, including authorizing license spend and approving new app users. This might be a member of your central IT team or a person in the department that primarily uses (and procures) the app. Users in the Owner role for app can view all information relating to that app, including spend and contract information, users and access requests, and the integration settings.
Assigning an IT admin is useful if the person with budgetary responsibility for the app is not also responsible for technical tasks relating to the app. IT admins can view most of the app details, including users, access requests and integration settings, but they cannot view spend and contract information.
You can assign owners and/or IT admins to apps from the Apps inventory or from the Overview tab of an individual app. You can also assign owners and IT admins for non-managed apps if you wish.
Custom app roles
In addition to the owner and IT admin, you can define custom app roles to reflect different responsibilities in respect of particular apps. As with the owner and IT admin roles, you can send notifications and assign tasks to custom app roles from automated workflows.
To create custom app roles, navigate to Admin > Settings > Applications > Roles. You can also enable or disable the default app roles from here.
Grant people in app roles access to Trelica
App owners, IT admins and people assigned to custom app roles must be given access to Trelica so that they can view and manage the apps for which they are responsible.
Where possible, we recommend configuring SAML single-sign-on so that individuals can log in to Trelica via your IdP, or enabling account requests so that users can request access. If you only want users to see details of their assigned apps, set the default user role to App management. Alternatively, you can add users to Trelica manually. When you invite a user that has already been assigned an app role, they are granted the App management role by default. For more information, see User roles.
Connect managed apps to Trelica
Where possible, we recommend connecting your managed apps to Trelica directly. This helps to ensure you have accurate usage data on which to base license renewal and optimization decisions. For some apps, direct integrations also enable automatic provisioning and deprovisioning of app users from Trelica.
When you set an app's status to "managed" Trelica prompts you to set up a direct integration to the app (if one is available and you haven't connected the app already). Depending on the app, you may also be able to use the integration to trigger other app activities from Trelica, such as sending messages, controlling devices or updating tickets.
Connecting an app to Trelica typically requires admin access to the app in question - either to generate an API key or set up a dedicated service account. If you do not have admin access to an app, we recommend using the Invite to connect option to ask the app owner or IT admin to connect the app to Trelica.
When you invite a person to connect an app to Trelica, a task is created with a link to the app integration page. The task assignee is also notified by email.
Next steps
Once you have identified your managed apps and assigned owners and IT admins to them, these users can use Trelica to:
Comments
0 comments
Please sign in to leave a comment.