Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients



This article describes the steps that must be completed with the Users package in Smart ID before you can start to use the system. The Users package includes many options, each with a default setting that can be changed. Read all about the options for the Users package here: Users - Options. The other packages also have options.


Prerequisites

  1. To be able to use the Users package, create a custom-beans.xml file with the following information:

    custom-beans.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:util="http://www.springframework.org/schema/util"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:p="http://www.springframework.org/schema/p"
               xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                   http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
    
            <description>
                    Custom Spring configuration for distribution project -> PRIME Identity Management
            </description>
    
            <!-- START beginning patch get user data from logged in user (ussp)-->
            <bean id="coreObjectSearchManagerExecutingTask" class="de.vps.act.processexecution.delegation.ActionBasedJavaDelegate">
                    <property name="action" ref="coreObjectSearchManagerExecutingAction"/>
            </bean>
    
            <bean id="coreObjectSearchManagerExecutingAction" class="de.vps.act.action.coreobjects.CoreObjectSearchManagerExecutingAction">
                    <property name="coreObjectSearchManager" ref="coreObjectSearchManager"/>
                    <property name="coreTemplateName" value="UsersCt"/>
                    <property name="filterProvider">
                            <bean class="de.vps.act.kernel.datasource.filter.provider.SecurityIdentifierBasedFilterProvider">
                                    <property name="filterField" value="coreObject_id"/>
                                    <property name="securityIdentitiesExtractor" ref="securityIdentitiesExtractor"/>
                            </bean>
                    </property>
            </bean>
            <!-- END patch get user data from logged in user -->
    </beans>
  2. Place the file in <docker-compose root>/config/spring.

  3. If docker-compose is running, enter this command for the changes to apply:

    docker-compose up -d --force-recreate

For the synchronization functionality (that is, "BatchSync") to work, you must define the new role in the docker-compose.yml file:

  1. Open docker-compose.yml for editing.
  2. In the 'ENVIRONMENT > SYSTEM_PROPERTIES' section for IDM operator, make sure that the following parameter exists:
    1. "batchSync.permissionRole": "Administrator"

      Example: batchSync.permissionRole is added to docker-compose.yml

      docker-compose.yml
      ....
          environment:
            - 'SYSTEM_PROPERTIES={
                "batchSync.permissionRole": "Administrator",
                "zipPacker.signZip": true,
                "zipUnpacker.verifyZip": true
              }'
      ......
  3. If docker-compose is running, enter this command for the changes to apply:

    docker-compose up -d --force-recreate
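
A check that can be run on the edited file before recreating the containers, as an added example (not part of the original article or of Nexus' own tooling): it extracts the SYSTEM_PROPERTIES value, confirms that it parses as JSON and that batchSync.permissionRole is set. The service name in the sample and the assumption that the value is a single-quoted JSON object, as in the example above, are assumptions.

```python
import json
import re

# Constructed sample of the IDM operator service section (service name is hypothetical).
SAMPLE_OK = """\
services:
  smartid-idm-operator:
    environment:
      - 'SYSTEM_PROPERTIES={
            "batchSync.permissionRole": "Administrator",
            "zipPacker.signZip": true,
            "zipUnpacker.verifyZip": true
          }'
"""
# Same sample with the comma after the first property left out.
SAMPLE_MISSING_COMMA = SAMPLE_OK.replace('"Administrator",', '"Administrator"')
# Same sample without the batchSync property.
SAMPLE_NO_ROLE = SAMPLE_OK.replace('"batchSync.permissionRole": "Administrator",', "")

# The JSON object that follows SYSTEM_PROPERTIES= inside the single-quoted entry.
SYSTEM_PROPERTIES = re.compile(r"SYSTEM_PROPERTIES=(\{.*?\})\s*'", re.DOTALL)


def check_batch_sync_role(service_text, key="batchSync.permissionRole"):
    """Return a list of problems; an empty list means the property is usable."""
    match = SYSTEM_PROPERTIES.search(service_text)
    if match is None:
        return ["no SYSTEM_PROPERTIES entry found"]
    try:
        props = json.loads(match.group(1))
    except json.JSONDecodeError as exc:
        # lineno counts from the opening brace of the JSON object.
        return [f"SYSTEM_PROPERTIES is not valid JSON (line {exc.lineno}): {exc.msg}"]
    role = props.get(key)
    if not isinstance(role, str) or not role.strip():
        return [f"{key} is missing or empty"]
    return []


if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("missing comma", SAMPLE_MISSING_COMMA),
                       ("no role", SAMPLE_NO_ROLE)]:
        print(name, "->", check_batch_sync_role(text) or "OK")
```

Pass the function the text of the IDM operator service section only; other services may carry their own SYSTEM_PROPERTIES entries without this property.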

Step-by-step instruction for the administrator

  1. Log in to Identity Manager Admin as administrator. Default login credentials are username: admin, password: admin.

    It is recommended to change the password for the administrator user.

  1. In Identity Manager Admin, select the Configuration File tab.
  2. Click Upload configuration.
  3. Click Select file and search for the Users.zip file.
  4. Click Upload.

For information about how to change default use case settings, see Users - Options.

The default roles that are visible in Identity Manager Operator are listed in a CSV file that is included in the users.zip.

By default, the following roles for Identity Manager Operator are set:

  • Approver
  • Self-Service user
  • Operator

To change the default roles that are visible in Identity Manager Operator (for example, to add a role), you must first add the role in the CSV file and then also add it in Identity Manager Admin:

  1. Change or update the CSV file:
    1. Open the CSV file for editing.
    2. Add or change the text for the roles in the file. For example, add a role called "Helpdesk".
  2. Update Identity Manager Admin:
    1. Go to Home > Roles.
    2. To add a role, click New. Add, for example, the role "Helpdesk" that you added in the CSV file in step 1b. Click Save and Edit.
    3. In the Permissions tab, select the permissions for the role.
    4. Click Save.

Identity Manager Admin can include more roles than the CSV file lists, but those roles are only used in Identity Manager Admin. The permissions for those roles are set under "General Admin".

There are options that can be set for many of the use cases. These are described here: Users - Options.

  1. Set the options that need to be changed from the default values.

Step-by-step instruction for the operator

  1. Log in to Identity Manager Operator with your user account.

    The first time you log in to Identity Manager Operator, use these credentials, username: operator, password: operator.

    It is recommended to change the password for the operator.

  1. In the Quick search drop-down list, select Default roles.
  2. Click Upload default roles.
  3. Search for the CSV file and upload it.

When you have uploaded the default roles, you can edit the roles for a user. See Edit roles.

You can also create default roles manually, see Create default role manually.

When you deactivate, activate, lock or delete a user in Identity Manager Operator, you have to set a reason for the action. The reasons must be created before you start to use the system.

Refer to this instruction: Create reason.

When you create a user in Identity Manager Operator, you have to set an identifier that is used for personal identification of the user. The identifier can be, for example, a passport, driver license, national ID card or health card. The identifier must be created before you start to use the system.

Refer to this instruction: Create identifier.