Appmarks for proxy and SSO applications are intended only for display and convenience. They are not connected to any authorization policy or access control list (ACL). The SSO and proxy appmark URLs are still available to be used by anyone who knows the link in the URL field. However, selecting or deselecting the Public option when configuring an appmark determines whether the appmark actually appears for the users in a group. If you deselect the Public check box, the appmark is not available for users until you map the appmark to one or more groups in your configured identity source. After mapping is completed, users in those mapped groups can see the appmark on the landing page or mobile device.
The following procedure assumes that you have already configured an appmark and applied the change on the appliance.
To map an appmark to a group in your identity source:
Switch to the Policy page of the administration console.
On the left side, locate the identity source that has the desired group (listed as Role Name) from the list.
On the right side, select Other Applications from the list.
Select the Authorization Name of the appmark and drag it to a Role Name.
In the mapping window, there are no approvals for appmarks because there is no account provisioning in this process. Users who are included in the group are automatically approved. Click OK to continue.
Now when users who are in the mapped group do a refresh in the MobileAccess app or access the landing page, they see the new appmark icon. Users who are not in the mapped group do not see the icon.