# Setting up an application This guide explains how to make an application available in **SelfService** under **Launchpad** and **My Applications**. In OpenIAM, access to an SSO application is tied to the application's **Authentication Provider** and its linked **Resource**. To make an application visible in **Launchpad**, grant access to that linked resource. You can grant access directly to the user or indirectly through a role or group. Once access is granted, the application appears in **Launchpad** and under **My Applications**. ## Methods of granting access to SSO applications Users can gain access to SSO applications in several ways: 1. **Via Webconsole** Administrators can assign access directly or through **Roles** and **Groups**. For role setup, see [Creating a role](/automated-user-provisioning/creating-a-role.md). 2. **Via synchronization from an HR system** User entitlements can be synchronized from an **HR system** or another external source. See [Import entitlements](/access-control/application-entitlements.md). 3. **Via business rules** Some users can receive access automatically through predefined **birthright rules**. 4. **Via SelfService request** Users can request access to applications through the **SelfService** catalog. ## Checking user access to SSO applications There are multiple ways to verify whether a user has access to a specific application. {% stepper %} {% step %} #### Check the Authentication provider To check which authentication provider is used for an SSO application: 1. Go to **Webconsole** → **Access Control** → **Authentication Providers**. 2. Click **Edit** on the relevant authentication provider. Applications shown in **Launchpad** usually use providers such as `OAUTH-CLIENT` or `SAML_PROVIDER`.
{% endstep %} {% step %} #### Check the linked resource Authentication providers do not hold entitlements directly. Their linked **Resources** do. To verify access: 1. Open the authentication provider. 2. Click **Linked to Resource** to open the resource. ![](/files/463139e8904938f8a568777b8b2d63d5ffb4b2e4) {% endstep %} {% step %} #### Verify resource entitlements In the **Resource Edit** window: 1. Navigate to the **Entitlements** tab in the side menu. 2. Review the assigned **Users**, **Roles**, and **Groups**. A user can gain access to the application in any of these ways: * Direct assignment to the resource * Assignment through a role * Assignment through a group {% endstep %} {% step %} #### Check user entitlements To check whether a specific user has access to an SSO application: 1. Go to **Webconsole** → **User Admin** → **User Search**. 2. Open the user record. 3. Navigate to **User Entitlements**. 4. Select the **Resources** tab.
The entitlement view shows the **Roles**, **Groups**, and **Resources** assigned to the user. {% endstep %} {% step %} #### Self-check via SelfService Users can verify their own entitlements through SelfService by: 1. Going to **SelfService** → **My Access**. 2. Reviewing the list of **Groups** and **Roles** they are assigned to. This ensures transparency in access management and allows users to confirm their permissions without administrator intervention. {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs-beta.openiam.com/access-control/setting-up-an-application.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.