Sun OpenSSO Enterprise 8.0 Administration Guide

Creating Users

A user represents an individual’s identity. Users can be created and deleted, and can be added or removed from roles and/or groups. You can also assign services to the user. The following procedures contain more information.

Procedure: To Create a User

Before You Begin

This procedure assumes you are logged into the OpenSSO Enterprise console as the administrator; by default, amadmin.

  1. Under the Access Control tab, click the name of the realm in which you are creating the user.

  2. Click the Subjects tab.

  3. Click New.

  4. Enter data for the following fields:

    ID This field takes the identifier of the user for purposes of logging in to the OpenSSO Enterprise console. This property does not have to be a DN.

    First Name This field takes the first name of the user.

    Last Name This field takes the last name of the user.

    Full Name This field takes the full name of the user.

    Password This field takes the password for the user.

    Password (Confirm) Confirm the password.

    User Status This option indicates whether the user is allowed to authenticate through OpenSSO Enterprise.

  5. Click OK.

    You can now modify the user profile by clicking the name of the user. For information on the user attributes, see the User attributes. Other modifications you can perform:

Procedure: To Modify a User

To add a user to a group or role, assign a service to a user profile or add values to the additional user profile attributes, modify the user profile.

Before You Begin

This procedure assumes you are logged into the OpenSSO Enterprise console as the administrator; by default, amadmin.

  1. Under the Access Control tab, click the name of the realm that contains the user you want to modify.

  2. Click the Subjects tab.

  3. Click the name of the user you want to modify.

    The Edit User page is displayed under the General tab.

  4. (Optional) Add values to the following user profile attributes.

    • Password can be used to change the user's defined password.


      Note –

      The top-level administrator's username and password are created when you configure OpenSSO Enterprise. This password can be changed at any time through the console, or with the ampassword command line utility. This attribute is used to change the top-level administrator password through the console. For more information on ampassword, see Chapter 3, The ampassword Command Line Tool, in Sun OpenSSO Enterprise 8.0 Administration Reference.


    • Email Address

    • Employee Number

    • Telephone Number

    • Home Address

    • Account Expiration Date

    • User Authentication Configuration defines the process to which the user must successfully authenticate.

    • User Alias List defines a list of aliases that may be applied to the user. In order to use any aliases configured in this attribute, the LDAP service has to be modified by adding the iplanet-am-user-alias-list attribute to the User Entry Search Attributes field in the LDAP service.

    • Success URL specifies the URL that the user will be redirected to upon successful authentication.

    • Failure URL specifies the URL that the user will be redirected to upon failed authentication.

    • Password Reset Options forces the user to change a defined password at the next login.

    • MSISDN Number defines the user's Mobile Station International Subscriber Directory Number if using MSISDN authentication.

  5. Click Save to save the values.

  6. Click the Services tab.

  7. Click Add.

  8. Select from the displayed services and click Next.

  9. Modify the service's attributes and click Finish.

  10. Click Finish.

  11. Click the Groups tab to add the user to a specific group.

  12. Add a group displayed in the Available list to the Selected list and click Save.

  13. Click Back to Subjects.