This article includes updates for Identity Manager 5.1.0.
This article describes how to configure a pre-login process for Identity Manager Operator. A pre-login process can be executed from the login page without being signed in. For example, this is useful when you need to reset a password for an account.
Configure pre-login process
The process itself can be an ordinary BPMN process, but with one limitation: forms on the start task are not supported for pre-login. However, it is recommended to configure at least one user task in the pre-login process.
To make a process visible on the Identity Manager Operator login page:
- In Identity Manager Admin, go to Home > Processes.
- Select a process (i.e. 'MyResetPasswordProcess' in the example below), and double-click to open it.
- Go to the Permissions tab.
- Select Start process, and add the 'MyPreLoginOperatorUser' to be able to start this process in Identity Manager Operator.
  - The pre-login user must exist in all tenants.
  - Only the pre-login processes existing in the selected tenant are displayed.
  There is a preconfigured internal user in Identity Manager called 'MyPreLoginOperatorUser', which is responsible for the visibility of pre-login processes in Identity Manager Operator. All user tasks that should be executed in the pre-login mode must be assigned to that user (or corresponding role). See Home > User Administration in Identity Manager Admin; see also Set permissions from Identity Manager users or roles.
- Click Save.
Configure pre-login-beans.xml
- Add a new Spring bean file called "pre-login-beans.xml" and put it in the spring folder of your docker-configuration. See Add custom spring beans in Identity Manager for more information. If you already have one for Smart ID Self-Service, add the following configuration to it.
  Make sure your pre-login-beans.xml is imported in beans.xml, and put it at the end of the import list:
    <import resource="classpath*:spring/pre-login-beans.xml"/>
- Add the following information in pre-login-beans.xml:
  Example: pre-login-beans.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:util="http://www.springframework.org/schema/util"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://www.springframework.org/schema/util
                               http://www.springframework.org/schema/util/spring-util.xsd">
        <bean name="preLoginProcessManager"
              class="de.vps.act.frontend.login.prelogin.PreLoginProcessManager"
              parent="abstractPreLoginProcessManager"
              scope="prototype">
            <property name="temporaryUser" value="MyPreLoginOperatorUser"/>
            <property name="password" value="MySecretPassword"/>
            <property name="preLoginProcesses" ref="preLoginProcesses"/>
        </bean>
        <util:list id="preLoginProcesses" value-type="java.lang.String">
            <value>MyResetPasswordProcess</value>
            <value>MyOtherPreLoginProcess</value>
        </util:list>
    </beans>
'MyPreLoginOperatorUser' is the symbolic name of the BPMN process to be executed, and therefore it needs to be replaced with the respective name of the customer configuration.
- Restart Identity Manager Operator. The process will now be displayed on the Identity Manager Operator login page.
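Because these processes can be started without signing in, it is worth checking the configuration before the restart. The following Python check is an added example, not part of the original article or of Identity Manager: it verifies that the bean has its three properties, that the list reference resolves, and that beans.xml imports the file last. The function names are hypothetical, and treating the article's sample password 'MySecretPassword' as a value that must be replaced is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans",
      "u": "http://www.springframework.org/schema/util"}
IMPORT = "classpath*:spring/pre-login-beans.xml"   # import path from the page
SAMPLE_PASSWORDS = {"", "MySecretPassword"}        # sample value from the page

def check_pre_login_beans(xml_text):
    """Return findings for the text of a pre-login-beans.xml file."""
    root = ET.fromstring(xml_text)
    bean = root.find("b:bean[@name='preLoginProcessManager']", NS)
    if bean is None:
        return ["bean 'preLoginProcessManager' is missing"]
    props = {p.get("name"): p for p in bean.findall("b:property", NS)}
    findings = [f"property '{n}' is missing"
                for n in ("temporaryUser", "password", "preLoginProcesses")
                if n not in props]
    if "password" in props and props["password"].get("value", "") in SAMPLE_PASSWORDS:
        findings.append("password is empty or still the sample value")
    ref = props["preLoginProcesses"].get("ref") if "preLoginProcesses" in props else None
    lst = root.find(f"u:list[@id='{ref}']", NS) if ref else None
    if ref and lst is None:
        findings.append(f"util:list '{ref}' is not defined")
    elif lst is not None:
        names = [(v.text or "").strip() for v in lst.findall("b:value", NS)]
        if not names or "" in names:
            findings.append("process list is empty or has a blank entry")
    return findings

def check_import_order(beans_xml_text):
    """Return findings unless pre-login-beans.xml is the last import in beans.xml."""
    root = ET.fromstring(beans_xml_text)
    imports = [i.get("resource") for i in root.findall("b:import", NS)]
    if IMPORT not in imports:
        return ["pre-login-beans.xml is not imported"]
    if imports[-1] != IMPORT:
        return ["pre-login-beans.xml import is not last in the import list"]
    return []

# Constructed sample: sample password left in place, list id mistyped.
SAMPLE = f"""<beans xmlns="{NS['b']}" xmlns:util="{NS['u']}">
  <bean name="preLoginProcessManager">
    <property name="temporaryUser" value="MyPreLoginOperatorUser"/>
    <property name="password" value="MySecretPassword"/>
    <property name="preLoginProcesses" ref="preLoginProcesses"/>
  </bean>
  <util:list id="preLoginProces"><value>MyResetPasswordProcess</value></util:list>
</beans>"""

if __name__ == "__main__":
    for finding in check_pre_login_beans(SAMPLE):
        print(finding)
```

An empty result from both functions means none of these checks fired; it does not confirm that the processes exist in the tenant or that the permissions are set.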