Skip to main content
Skip table of contents

Users - Start-up guide

This guide must be followed before you can start to use the system.

This article describes the steps that have to be done with the Users package in Smart ID before you can start to use the system. There are many options included in the Users package. These options have default settings that can be changed. Read all about the options for the Users package here: Users - Options. The other packages also have options.

Add users-beans.xml

  1. To use the Users package, create a users-beans.xml file with the following information:

    users-beans.xml

    CODE
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:util="http://www.springframework.org/schema/util"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:p="http://www.springframework.org/schema/p"
               xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    
    
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
    
            <description>
                    Custom Spring configuration for distribution project -> PRIME Identity Management
            </description>
    
            <!-- START beginning patch get user data from logged in user (ussp)-->
            <bean id="UsersLoadLoggedInUserDataTask" class="de.vps.act.processexecution.delegation.ActionBasedJavaDelegate">
                    <property name="action" ref="UsersLoadLoggedInUserDataAction"/>
            </bean>
    
            <bean id="UsersLoadLoggedInUserDataAction" class="de.vps.act.action.coreobjects.CoreObjectSearchManagerExecutingAction">
                    <property name="coreObjectSearchManager" ref="coreObjectSearchManager"/>
                    <property name="coreTemplateName" value="UsersCt"/>
                    <property name="filterProvider">
                            <bean class="de.vps.act.kernel.datasource.filter.provider.SecurityIdentifierBasedFilterProvider">
                                    <property name="filterField" value="coreObject_id"/>
                                    <property name="securityIdentitiesExtractor" ref="securityIdentitiesExtractor"/>
                            </bean>
                    </property>
            </bean>
            <!-- END patch get user data from logged in user -->
    
    
            <!-- END non filtering filter to pass all data fields to ussp instead of data pool related fields not only necessary for stella (R&S) -->
    
            <!-- START USSP can't handle Juel Expression - Definiition to clear Juel Expression -->
            <bean id="preLoginRequest" class="de.nexus.prime.auth.rest.model.PreLoginRequest">
                    <property name="temporaryUser" value="preLoginProcessUSSPUser"/>
                    <property name="password" value="1234"/>
            </bean>
    
            <bean id="UsersLoadPreLoggedInUserDataTask" class="de.vps.act.processexecution.delegation.ActionBasedJavaDelegate">
                    <property name="action" ref="UsersLoadPreLoggedInUserDataAction"/>
            </bean>
    
            <bean id="UsersLoadPreLoggedInUserDataAction" class="de.vps.act.action.coreobjects.CoreObjectSearchManagerExecutingAction">
                    <property name="coreObjectSearchManager" ref="coreObjectSearchManager"/>
            <property name="coreTemplateName" value="UsersCt"/>
            <property name="filterProvider" ref="UsersLoadPreLoggedInUserDataProvider" />
            </bean>
    
            <bean id="UsersLoadPreLoggedInUserDataProvider" class="de.vps.act.domain.searcharea.filterprovider.SearchFieldBasedFilterProvider">
            <property name="juelExpressionResolver" ref="juelExpressionResolver"/>
            <property name="searchFields">
                <util:list>
                    <bean class="de.vps.act.domain.searcharea.SearchField" p:searchCondition="EQUALS" p:value="#{'$'}{UsersDp_Email}" p:dataType="STRING">
                        <constructor-arg value="Email"/>
                    </bean>
                </util:list>
            </property>
            </bean>
    
            <bean id="loginProcessUser" class="java.lang.String">
                    <constructor-arg value="loginProcessUser"/>
            </bean>
    
            <!-- END USSP Pre-Loginprocess "Forget Password" -->
    
    </beans>
  2. Place the file in <path to operator>/spring.

  3. If docker-compose is running, enter this command for the changes to apply:

    CODE
    docker-compose up -d --force-recreate

Change the batch synchronization role

For the synchronization functionality to work (that is, "BatchSync") you must define the new role in the docker-compose.yml file

  1. Open docker-compose.yml for editing.

  2. In the 'ENVIRONMENT > SYSTEM_PROPERTIES' section for IDM operator, make sure that the following parameter exists:

    1. "batchSync.permissionRole": "Administrator"

      Example: batchSync.permissionRole is added to docker-compose.yml

      docker-compose.yml

      CODE
      ....
          environment:
            - 'SYSTEM_PROPERTIES={
      		  "batchSync.permissionRole": "Administrator",
                "zipPacker.signZip": true,
                "zipUnpacker.verifyZip": true,
              }'
      ......
  3.  If docker-compose is running, enter this command for the changes to apply:

    CODE
    docker-compose up -d --force-recreate

Step-by-step instruction for the administrator

Log in to Identity Manager Admin

  • Log in to Identity Manager Admin as administrator. Default login credentials are username: admin, password: admin.

It is recommended to change the password for the administrator user.

Upload the users package in Identity Manager Admin

  1. In Identity Manager Admin, select the Configuration File tab.

  2. Click Upload configuration

  3. Click Select file and search for the Users.zip file.

  4. Click Upload.

For information about how to change default use case settings, see Users - Options.

Option: Change the default roles that shall be visible in Identity Manager Operator

The default roles that shall be visible in Identity Manager Operator are listed in a CSV file that is included in the users.zip.

By default, the following roles for Identity Manager Operator are set:

  • Approver

  • Self-Service user

  • Operator

To change the default roles that shall be visible in Identity Manager Operator, for example, add a role, you must first add it in the CSV file and then also add it in Identity Manager Admin:

  1. Change or update the CSV file:

    1. Open the CSV file for editing.

    2. Add or change the text for the roles in the file. For example, add a role called "Helpdesk".

  2. Update Identity Manager Admin:

    1. Go to Home > Roles.

    2. To add a role click New. Add, for example, the role "Helpdesk", as you added in the CSV file in step 1b. Click Save and Edit.

    3. In the Permissions tab, select the permissions for the role.

    4. Click Save.

Identity Manager Admin can include more roles than in the CSV file, but those roles are only used in Identity Manager Admin. The permissions for those roles are set under "General Admin".

Set options

There are options that can be set for many of the use cases. These are described here: Users - Options.

  • Set the options that need to be changed from the default values.

Step-by-step instruction for the operator

Log in to Identity Manager Operator

  • Log in to Identity Manager Operator with your user account.

The first time you log in to Identity Manager Operator, use these credentials, username: operator, password: operator.

It is recommended to change the password for the operator.

Upload the default roles in Identity Manager Operator

  1. In the Quick search drop-down list, select Default roles.

  2. Click Upload default roles.

  3. Search for the CSV file and upload it.

When you have uploaded the default roles, you can edit the roles for a user. See Edit roles.

You can also create default roles manually, see Create default role manually.

Create reasons

When you deactivate, activate, lock, or delete a user in Identity Manager Operator, you must enter a reason. The reasons must be created before you start to use the system.

For more information, see Create reason.

Create identifier

When you create a user in Identity Manager Operator, you must set an identifier that will be used for personal identification of the user. The identifier can be, for example, passport, driver license, national ID card, or health card. The identifier must be created before you start to use the system.

For more information, see Create identifier.

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.