Identity Manager has an easy-to-use web interface where the operator can manage identities, cards and credentials; and run predefined queries, reports, filters and statistics. The available tasks depend on the configuration that has been set up in Identity Manager Admin.
The Identity Manager Operator user interface is available as an HTML5 application.
Depending on the user’s role and permissions, different navigation options and user actions are possible, such as, types of data objects visible or tasks that can be performed. See here for more information regarding roles in Identity Manager. There is multi-language support, and the default language is based on the language of the client’s operating system. For more information regarding language setup, see Translate interface texts in Identity Manager.
These are the available login options that can be configured:
- Username and password
- Single Sign-On via SAML
- Client certificate
Depending on how the tenants are configured you see all of the login methods or just a subset.
You can also select language.
There is a logout button for SAML in Identity Manager, if you use that button you are not asked again for your credentials when you log in again with SAML, the SAML ticket stays valid. This is referred to as user session logout.
Configure authentication methods for login
In the Admin page of Identity Manager Operator you configure the authentication methods to be displayed on the login page. The respective authentication profile must have been configured as well. At least one authentication method must be displayed.
On the Start page, you search for existing objects. On the same page, you can create a new object (a request, a person data record etc.).
If you, for example, click Create Employee on the Start page you will see this form, as it was configured in Identity Manager Admin for the identity "Employee":
On the Search page, you search for various objects with more complex search criteria and view and navigate in the search result list. Both the search parameters and the displayed fields of the search result list are configurable in Identity Manager Admin (see Set up search configuration in Identity Manager) and their visibility depends on your role (see Standard roles and bootstrap users in Identity Manager).
On the Open tasks page, you find the tasks to perform as part of a process. To see only the tasks assigned to you, check Show tasks personally assigned to me. You can also see the tasks you have permission to continue (based on your role).
Manage open tasks
- Click the process name in the first column.
The task opens in a popup window.
- Click Next to continue the task or Cancel if you do not want to proceed.
- Select the process you want to delete.
- Click the Delete button, which is only available for tasks assigned to you.
- To filter the result, use the from/to range of the creation date in the Search in all tasks in the bottom of the Open tasks page.
To change the size limit, use system.properties:
The size limit should not exceed 1000 to avoid issues with the database.
Use the Search in shown tasks filter, at the top of the Open tasks page, to only search the tasks which are already filtered by the Search in all tasks filter.
On the In progress page, you view or edit details of the objects selected in one of the Search procedures. You can, for example, request or produce a card for a person.
Core object history permissions
The core object history permissions control what is displayed for the core object history in Identity Manager Operator. The permissions can be added for a role or a user. When one or several of the object history permissions are enabled, the History button will be displayed on the core object detail page. If no object history permissions are enabled for a user or a role, the History button will not be displayed.
By default, all the core object history permissions are enabled.
See Set permissions from Identity Manager users or roles for more information about the different core object history permissions.
On the Batch orders page, you search for and compile objects into a list (a batch order) and apply immediately or later an applicable task to all objects on the list.
A typical order is to start a mass production at any time. Depending of the result of the batch order, the order is completed automatically after the last object is produced (or whatever the particularly batch order was designed for in Identity Manager Admin), or can be completed manually.
You can only see the Admin page if you have the right privileges. On the Admin page you can, for example:
- Reserve number ranges. (See Set up number ranges in Identity Manager.)
- Configure system properties
- Authentication methods visibility
Here you configure the authentication methods to be displayed on the login page. Read more under heading Login above.
- Inactive open tasks in Object View:
If Hide is checked, the open tasks that are assigned to another role/user are hidden from that user, otherwise the user can see all open tasks from the opened core object.
- Related objects in Object View:
If Open expanded view is checked, the expanded related objects view is open on default, otherwise the expanded related objects view is closed.
- Authentication methods visibility
- Download and Upload configuration
If the same database is used for Identity Manager Operator and Identity Manager Admin, they automatically use the same configuration, and the upload configuration is not necessary.
- List processes
- Clear cache
This is done automatically after a new configuration was uploaded, but has to be done manually if the configuration was edited in Identity Manager Admin. This is only necessary when the same database is used for Identity Manager Operator and Identity Manager Admin.
- Maintenance Mode
Puts the whole application in a maintenance mode during, for example, deploy time. (See Transfer configuration to Smart ID Identity Manager)
- Batch sync jobs
Lists all scheduled batch jobs with a description, status, start and end time.
Nexus Card SDK
For the following functions in Identity Manager, Nexus Card SDK must be installed on the user's PC:
- Capture photo, signature, fingerprint or documents
- Print cards/credentials on suitable printers
- Encode cards/credentials with suitable devices
PKI functions with smartcards (be aware that Card SDK will download and execute the Identity Manager PKI Encoder component for this functionality)
This article is valid for Smart ID 21.10 and later.