This article includes updates for Identity Manager 6.0 and Smart ID 23.10.26.
This article describes how to configure a pre-login process for Identity Manager Operator. A pre-login process can be executed from the login page without being signed in. For example, this is useful when you need to reset a password for an account.
Warning
Be aware that anyone accessing the login page is able to start and execute the pre-login process. Therefore it is important to restrict what a user can view or update.
Configure pre-login-beans.xml
- Add a new Spring bean file called "pre-login-beans.xml" and put it in the spring folder of your docker-configuration. See Add custom spring beans in Identity Manager for more information. If you already have one for Smart ID Self-Service, add the following configuration to it.
  Make sure your pre-login-beans.xml is imported in beans.xml; put it at the end of the import list:
  <import resource="classpath*:spring/pre-login-beans.xml"/>
- Add the following information in pre-login-beans.xml:
  Example: pre-login-beans.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:util="http://www.springframework.org/schema/util"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans.xsd
             http://www.springframework.org/schema/util
             http://www.springframework.org/schema/util/spring-util.xsd">
      <util:list id="preLoginProcesses" value-type="java.lang.String">
          <value>MyResetPasswordProcess</value>
          <value>MyOtherPreLoginProcess</value>
      </util:list>
  </beans>
  The processes to be shown on the login page have to be listed in the “preLoginProcesses” list. Replace the examples “MyResetPasswordProcess” and “MyOtherPreLoginProcess” with the symbolic names of the processes you want to show and add more if needed.
- Restart Identity Manager Operator. The process will now be displayed on the Identity Manager Operator login page.
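The following Python check is an added example, not part of the product documentation. It reads the two files from the steps above and reports any process in "preLoginProcesses" that is not on a reviewed allow-list, and whether pre-login-beans.xml is the last import in beans.xml. The allow-list, the second import (custom-beans.xml) and the embedded file contents are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans",
      "u": "http://www.springframework.org/schema/util"}
PRE_LOGIN_IMPORT = "classpath*:spring/pre-login-beans.xml"

# Constructed sample files; custom-beans.xml is a hypothetical second import.
BEANS_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <import resource="classpath*:spring/custom-beans.xml"/>
  <import resource="classpath*:spring/pre-login-beans.xml"/>
</beans>"""
PRE_LOGIN_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:list id="preLoginProcesses" value-type="java.lang.String">
    <value>MyResetPasswordProcess</value>
    <value>MyOtherPreLoginProcess</value>
  </util:list>
</beans>"""

def pre_login_processes(pre_login_xml):
    """Return the symbolic names listed in the preLoginProcesses list."""
    for lst in ET.fromstring(pre_login_xml).findall("u:list", NS):
        if lst.get("id") == "preLoginProcesses":
            return [(v.text or "").strip() for v in lst.findall("b:value", NS)]
    return []

def audit(beans_xml, pre_login_xml, approved):
    """Return findings; an empty list means the files match the review."""
    findings = []
    imports = [i.get("resource")
               for i in ET.fromstring(beans_xml).findall("b:import", NS)]
    if PRE_LOGIN_IMPORT not in imports:
        findings.append("pre-login-beans.xml is not imported in beans.xml")
    elif imports[-1] != PRE_LOGIN_IMPORT:
        findings.append("pre-login-beans.xml is not the last import")
    # Every listed process can be started by anyone who reaches the login page.
    for name in pre_login_processes(pre_login_xml):
        if name not in approved:
            findings.append(f"unapproved pre-login process: {name}")
    return findings

if __name__ == "__main__":
    # Assumed allow-list: only the password reset process was reviewed.
    for finding in audit(BEANS_XML, PRE_LOGIN_XML, {"MyResetPasswordProcess"}):
        print(finding)
```

Running such a check before each restart of Identity Manager Operator catches a process that was added to the list without review.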
Configure pre-login process
The process itself can be an ordinary BPMN process, but with one limitation: forms on the start task are not supported for pre-login. However, it is recommended to configure at least one user task in the pre-login process.
The pre-login user preLoginOperatorUser must have permissions to the processes including user tasks. It is defined in the spring bean "preLoginProcessManager" in frontend_explorer-beans.xml.
- Make sure that the pre-login user exists in Identity Manager Admin > User Administration and that it has the correct password configured. When initializing the database for current versions or when creating a tenant, the user is automatically created.
- In Identity Manager Admin, go to Home > Processes.
- Select a process (i.e. 'MyResetPasswordProcess' in the example below), and double-click to open it.
- Give the following permissions to the pre-login user:
  - Start Process
  - User tasks (when existing)
- The pre-login user must exist in all tenants.
- Only the pre-login processes existing in the selected tenant are displayed.
- Click Save.