Identity Manager Operator
This article includes updates for Smart ID 23.04.
Identity Manager has an easy-to-use web interface where the operator can manage identities, cards and credentials; and run predefined queries, reports, filters and statistics. The available tasks depend on the configuration that has been set up in Identity Manager Admin.
The Identity Manager Operator user interface is available as an HTML5 application.
Depending on the user’s role and permissions, different navigation options and user actions are possible, such as, types of data objects visible or tasks that can be performed. See here for more information regarding roles in Identity Manager. There is multi-language support, and the default language is based on the language of the client’s operating system. For more information regarding language setup, see Translate interface texts in Identity Manager.
See also Configure Smart ID Identity Manager.
Login
These are the available login options that can be configured:
Username and password
Single Sign-On via SAML
Client certificate
Depending on how the tenants are configured you see all of the login methods or just a subset.
You can also select language.
There is a logout button for SAML in Identity Manager, if you use that button you are not asked again for your credentials when you log in again with SAML, the SAML ticket stays valid. This is referred to as user session logout.
Login methods
Configure authentication methods for login
In the Admin page of Identity Manager Operator you configure the authentication methods to be displayed on the login page. The respective authentication profile must have been configured as well. At least one authentication method must be displayed.
Start page
On the Start page, you search for existing objects or create a new object (a request, a person data record etc.)
Quick search
Here you can select in a drop-down list different search configurations. You can also type text in the text field. If something is found, a drop-down opens below the text field and when you select an element, you will be directed to the detailed page for this element. To be seen in the drop-down list, the search configuration must be configured in Identity Manager Admin. The purpose must be set to "Quick search". Read more about this in Set up search configuration in Identity Manager, section "Set search purpose". The user must also have the "Execute" permission in SearchConfig to see the search configuration, see section "Set permissions".
To change the order of the list, see section "Change the sort order in Quick search on the Start page and on the Search page".
What do you want to do?
You can also select from the tasks under "What do you want to do?", if you have the permission to start a specific process (task). The permission is set in Identity Manager Admin. Which tasks that are shown in the list, and the sort order of the list, is configured in Identity Manager Admin. Read more here: Configure tasks (processes) in Identity Manager Operator.
If you, for example, select Create Employee from the Start page you will see this form, as it was configured in Identity Manager Admin for the identity "Employee":
Search page
On the Search page, you search for various objects with more complex search criteria and view and navigate in the search result list. Both the search parameters and the displayed fields of the search result list are configurable in Identity Manager Admin. For more information, see Set up search configuration in Identity Manager and Standard roles and bootstrap users in Identity Manager.
Open tasks page
On the Open tasks page, you find the tasks to perform as part of a process. To see only the tasks assigned to you, check Show tasks assigned to me. You can also see the tasks you have permission to continue (based on your role).
Manage open tasks
Continue task
Click the process name in the first column. The task opens in a popup window.
Click Next to continue the task or Cancel if you do not want to proceed.
Delete task
Select the process you want to delete.
Click the Delete button, which is only available for tasks assigned to you.
Change the size of the task list
To filter the result, use the from/to range of the creation date in the Search in all tasks in the bottom of the Open tasks page.
To change the size limit, use system.properties:
Example: Filter out 40 tasks
CODEtaskInbox.maxSizeOfList=40
The size limit should not exceed 1000 to avoid issues with the database.
Use the Search in shown tasks filter, at the top of the Open tasks page, to only search the tasks which are already filtered by the Search in all tasks filter
In progress page
On the In progress page, you view or edit details of the objects selected in one of the Search procedures. You can, for example, request or produce a card for a person.
Core object history permissions
The core object history permissions control what is displayed for the core object history in Identity Manager Operator. The permissions can be added for a role or a user. When one or several of the object history permissions are enabled, the History button will be displayed on the core object detail page. If no object history permissions are enabled for a user or a role, the History button will not be displayed.
By default, all the core object history permissions are enabled.
See Set permissions from Identity Manager users or roles for more information about the different core object history permissions.
Batch orders page
On the Batch orders page, you search for and compile objects into a list (a batch order) and apply immediately or later an applicable task to all objects on the list.
A typical order is to start a mass production at any time. Depending of the result of the batch order, the order is completed automatically after the last object is produced (or whatever the particularly batch order was designed for in Identity Manager Admin), or can be completed manually.
Admin page
You can only see the Admin page if you have the right privileges. On the Admin page you can, for example:
Reserve number ranges, see Set up number ranges in Identity Manager.
Configure system properties
Authentication methods visibility
In the Admin page of Identity Manager Operator, you can configure the authentication methods to be displayed on the login page. The respective authentication profile must have been configured as well. At least one authentication method must be displayed.
See also the "Login" section above.Inactive open tasks in Object View:
If Hide is checked, the open tasks that are assigned to another role/user are hidden from that user, otherwise the user can see all open tasks from the opened core object.Related objects in Object View:
If Open expanded view is checked, the expanded related objects view is open on default, otherwise the expanded related objects view is closed.
Download and Upload configuration
If the same database is used for Identity Manager Operator and Identity Manager Admin, they automatically use the same configuration, and the upload configuration is not necessary.List processes
Clear cache
This is done automatically after a new configuration was uploaded, but has to be done manually if the configuration was edited in Identity Manager Admin. This is only necessary when the same database is used for Identity Manager Operator and Identity Manager Admin.Maintenance Mode
Puts the whole application in a maintenance mode during, for example, deploy time. (See Transfer configuration to Smart ID Identity Manager)Scheduled jobs
Lists all scheduled jobs with a description, status, start and end time.
Nexus Card SDK
For the following functions in Identity Manager, Nexus Card SDK must be installed on the user's PC:
Capture photo, signature, fingerprint or documents
Print cards/credentials on suitable printers
Encode cards/credentials with suitable devices
PKI functions with smartcards (be aware that Card SDK will download and execute the Identity Manager PKI Encoder component for this functionality)