Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added a link

This article describes the steps that have to be done with the Users package in Smart ID before you can start to use the system. There are many options included in the Users package. These options have default settings that can be changed. Read all about the options for the Users package here: Users - Options. The other packages also have options.

Expandall

Prerequisites

Expand
titleAdd users-beans.xml
  1. To be able to use the Users package, create a users-beans.xml file with the following information:

    Code Block
    titleusers-beans.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:util="http://www.springframework.org/schema/util"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:p="http://www.springframework.org/schema/p"
               xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    
    
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
    
            <description>
                    Custom Spring configuration for distribution project -> PRIME Identity Management
            </description>
    
            <!-- START beginning patch get user data from logged in user (ussp)-->
            <bean id="coreObjectSearchManagerExecutingTask" class="de.vps.act.processexecution.delegation.ActionBasedJavaDelegate">
                    <property name="action" ref="coreObjectSearchManagerExecutingAction"/>
            </bean>
    
            <bean id="coreObjectSearchManagerExecutingAction" class="de.vps.act.action.coreobjects.CoreObjectSearchManagerExecutingAction">
                    <property name="coreObjectSearchManager" ref="coreObjectSearchManager"/>
                    <property name="coreTemplateName" value="UsersCt"/>
                    <property name="filterProvider">
                            <bean class="de.vps.act.kernel.datasource.filter.provider.SecurityIdentifierBasedFilterProvider">
                                    <property name="filterField" value="coreObject_id"/>
                                    <property name="securityIdentitiesExtractor" ref="securityIdentitiesExtractor"/>
                            </bean>
                    </property>
            </bean>
            <!-- END patch get user data from logged in user -->
    </beans>


  2. Place the file in <path to operator>/spring.

  3. If docker-compose is running, enter this command for the changes to apply:

    Code Block
    docker-compose up -d --force-recreate



Expand
titleChange the batch synchronization role

For the synchronization functionality to work (that is, "BatchSync") you must define the new role in the docker-compose.yml file

  1. Open docker-compose.yml for editing.
  2. In the 'ENVIRONMENT > SYSTEM_PROPERTIES' section for IDM operator, make sure that the following parameter exists:
    1. "batchSync.permissionRole": "Administrator"

      Example: batchSync.permissionRole is added to docker-compose.yml

      Code Block
      titledocker-compose.yml
      ....
          environment:
            - 'SYSTEM_PROPERTIES={
      		  "batchSync.permissionRole": "Administrator"
                "zipPacker.signZip": true,
                "zipUnpacker.verifyZip": true
              }'
      ......


  3.  If docker-compose is running, enter this command for the changes to apply:

    Code Block
    docker-compose up -d --force-recreate


Step-by-step instruction for the administrator

Expand
titleLog in to Identity Manager Admin
  1. Log in to Identity Manager Admin as administrator. Default login credentials are username: admin, password: admin.

    Note

    It is recommended to change the password for the administrator user.



Expand
titleUpload the users package in Identity Manager Admin
  1. In Identity Manager Admin, select the Configuration File tab.
  2. Click Upload configuration
  3. Click Select file and search for the Users.zip file.
  4. Click Upload.
Note

For information about how to change default use case settings, see Users - Options.



Expand
titleOption: Change the default roles that shall be visible in Identity Manager Operator

The default roles that shall be visible in Identity Manager Operator are listed in a CSV file that is included in the users.zip.

By default, the following roles for Identity Manager Operator are set:

  • Approver
  • Self-Service user
  • Operator

To change the default roles that shall be visible in Identity Manager Operator, for example, add a role, you must first add it in the CSV file and then also add it in Identity Manager Admin:

  1. Change or update the CSV file:
    1. Open the CSV file for editing.
    2. Add or change the text for the roles in the file. For example, add a role called "Helpdesk".
  2. Update Identity Manager Admin:
    1. Go to Home > Roles.
    2. To add a role click New. Add, for example, the role "Helpdesk", as you added in the CSV file in step 1b. Click Save and Edit.
    3. In the Permissions tab, select the permissions for the role.
    4. Click Save.

Identity Manager Admin can include more roles than in the CSV file, but those roles are only used in Identity Manager Admin. The permissions for those roles are set under "General Admin".


Expand
titleSet options

There are options that can be set for many of the use cases. These are described here: Users - Options.

  1. Set the options that need to be changed from the default values.

Step-by-step instruction for the operator

Expand
titleLog in to Identity Manager Operator
  1. Log in to Identity Manager Operator with your user account.

    Note

    The first time you log in to Identity Manager Operator, use these credentials, username: operator, password: operator.

    It is recommended to change the password for the operator.



Expand
titleUpload the default roles in Identity Manager Operator
  1. In the Quick search drop down list, select Default roles.
  2. Click Upload default roles.
  3. Search for the CSV file and upload it.

When you have uploaded the default roles, you can edit the roles for a user. See Edit roles.

You can also create default roles manually, see Create default role manually.


Expand
titleCreate reasons

When you shall deactivate, activate, lock or delete a user in Identity Manager Operator you have to set a reason for that. The reasons must be created before you start to use the system.

Refer to this instruction: Create reason.


Expand
titleCreate identifier

When you shall create a user in Identity Manager Operator, you have to set an identifier that shall be used for personal identification of the user. The identifier can be, for example, passport, driver license, national ID card or health card. The identifier must be created before you start to use the system.

Refer to this instruction: Create identifier.