Business Owners for Application Integrations

Overview

In the context of application integrations, Business Owners are crucial individuals responsible for managing and overseeing access to connections and resources within an integrated application. These owners play a vital role in ensuring that access reviews, access requests, and other important tasks are properly handled for the connections and resources they're assigned.

This documentation will guide users through the concept of Business Owners, how to assign them, and the responsibilities associated with each role.

Who Are Business Owners?

Business Owners are designated individuals or groups with the authority to manage access to specific resources and connections within an integrated application (e.g., Okta, GitHub, Salesforce, etc.). They play a critical role in maintaining an organization's security posture by:

• Reviewing Access: Periodically assessing who has access to what.

• Approving or Denying Requests: Making decisions on new access requests.

• Ensuring Compliance: Keeping permissions up-to-date and aligned with the organization's security policies.

In essence, Business Owners are the key stakeholders who oversee access to the resources and connections under their purview.

Types of Business Owners

To provide flexibility, no single point of failure and ensure continuous oversight, you can assign two types of Business Owners:

• Primary Owner: This is the main individual designated as responsible for overseeing the application's resources and connections. The primary owner is typically the first point of contact for all access review campaigns and requests related to that application, and is expected to handle most of the required actions.

• Secondary Owner(s): These are additional individuals who can take over responsibilities if the primary owner is unavailable. Functionally, secondary owners have the exact same capabilities and authority as the primary owner. The key distinction is in their role: while the primary owner is the designated lead, secondary owners serve as crucial backups to ensure continuity in access management, preventing delays and ensuring that all necessary actions are taken promptly in the primary owner's absence.

How to Set Up Business Owners

To configure business owners for an application integration, follow these steps:

1. Open the Application Integration Setup Modal Navigate to the Integrations page under the Configure section. A list of application integrations will be displayed.

2. Select an application to setup business owners Choose which application integration you'd like to setup business owners. Click on the "Setup Business Owner" option. This will open a dialog with a table showcasing a list of connections and resources within your integration.

   

   
3. Assign Business Owners

   There are two methods for assigning Business Owners:

   1. Mapping via UI Select the connections/resources to map. Clicking on the "Map Business Owner(s)" will open a sidebar. Click on "Save changes" After selecting the desired Business Owners or click on "Map to App Owner(s)" to map the selected connections/resources to the application integration owner.

      
   2. Bulk Business Owner Mapping: Business Owners can be mapped by uploading the Business Owner mapping CSV. Simply click the “Map Business Owner(s)” button without selecting any connections or resources. This will open a side panel where you can download the mapping CSV. After filling in the CSV with the primary and secondary owner emails for a set of entities (connections/resources), upload it back using the same panel. The secondary owner emails should be separated by a semicolon (;). Once the mapping is complete, upload the CSV in the designated section of the side panel and click the “Upload New Mapping” button. The mapping will be processed and updated in the UI within a few minutes.

      

Why Are Business Owners Important?

Many enterprises have multiple applications federated with their primary Identity Provider (IDP) application (e.g., Okta, OneLogin). These federated applications are treated as separate resources during entitlement discovery. Since each resource is an application in itself, different users typically manage and oversee access to each application.

By assigning primary and secondary business owners to these application integrations, each set of owners can take responsibility for their specific application’s access reviews and requests. The primary owner is the main point of contact for managing and approving access, while the secondary owner serves as a backup.

This approach ensures that access reviews and requests are handled by the right individuals with the appropriate expertise for each application, improving efficiency. It also helps in maintaining segregation of duties, as different owners are responsible for different applications, reducing the risk of conflicts or errors. Ultimately, this helps in streamlining access management and ensuring that the right approvals are made in a timely and compliant manner.

Best Practices for Assigning Business Owners

• Ensure Clear Responsibility: Clearly assign the primary business owner to avoid confusion and ensure accountability. The primary owner should be someone who is actively involved in managing the connections/resources they are assigned to.

• Use Secondary Owners for Continuity: While there's no difference in the functional capabilities between a primary and secondary owner, we highly recommend assigning secondary owners for your applications. The primary owner is typically the main point of contact for all access management tasks related to the application. However, in cases where the primary owner is frequently unavailable, secondary owners can step in to perform any required actions on their behalf. This ensures continuity in access management, helps prevent delays, and guarantees that approvals and other critical tasks are handled promptly, even if the primary owner is out of office.

• Review Ownership Regularly: As teams and organization evolve, it's crucial to periodically review and update the assigned primary and secondary owners within BalkanID. Keeping these ownership assignments current ensures that access reviews and requests are always routed to the correct individuals, maintaining accuracy and efficiency in your access management processes.