Sun Identity Manager 8.1 Business Administrator's Guide

Chapter 2 Getting Started with the Identity Manager User Interface

Read this chapter to learn about the Identity Manager graphical user interfaces (UI) and how you can quickly begin using Identity Manager.

Topics covered include:

Identity Manager Administrator Interface

The Identity Manager system includes two primary graphical interfaces through which users perform tasks. These interfaces are the end-user interface and the administrator interface. The end-user interface (also called the User interface) is discussed later in this chapter, in Identity Manager End-User Interface. The Administrator interface is discussed here.

The Identity Manager Administrator interface serves as the primary administrative view of the product. Through this interface, Identity Manager administrators manage users, set up and assign resources, define rights and access levels, and audit compliance in the Identity Manager system.

Interface organization is represented by these elements:

In some areas, such as Accounts, tabbed forms divide longer forms into one or more pages, enabling you to navigate them more easily. This is illustrated in Figure 2–1.

Note –

A quick reference to performing administrative tasks in the UI is available in Appendix C, User Interface Quick Reference.

Figure 2–1 Identity Manager Administrator Interface

Figure illustrating how a tabbed form is used in the Identity Manager Administrator Interface.

Logging in to the Identity Manager Administrator Interface

Procedure: To Open the Administrator Interface

  1. Open a Web browser and type the following URL into the address bar:

  2. Enter your user ID and password and click Log In.

    The Administrator interface opens if your User ID has assigned capabilities and an assigned controlled organization.

Session Limits and Cookies

If cookies are enabled in the administrator’s Web browser, administrators will remain logged on to the Administrator interface up to the time allotted by the configured session limit. If cookies are disabled in the browser, then certain actions will cause the system to prompt the administrator to log in again during the session.

These actions include:

To avoid multiple login requests, cookies should be enabled.

Forgotten User ID

Identity Manager allows an administrator to retrieve his or her forgotten user ID. When an administrator clicks Forgot Your User ID? from the login page, a lookup page appears and requests identity attribute information associated with the account, such as first and last name, email address, or phone number.

Identity Manager then constructs a query to find a single user matching the entered values. If no match is found, or multiple matches are found, then an error message appears on the Lookup User ID page.

The lookup feature is enabled by default, but you can use one of the following actions to disable this feature:

Note –

If you upgrade from an earlier Identity Manager version to version 8.1, the Forgot Your User ID? feature will be disabled by default.

To enable this feature, you must modify the following attributes in the System Configuration object (see Editing Identity Manager Configuration Objects):

ui.web.user.disableForgotUserId = false
ui.web.admin.disableForgotUserId = false

The set of user attribute names presented on the lookup page is configured through the system configuration attributes security.authn.lookupUserIdAttributes.<Administrator Interface | User Interface>. The attributes that can be specified are those defined as queryable attributes in the IDM Schema Configuration configuration object.

If the user ID is recovered, Identity Manager sends email to the email address of the recovered user by using the User ID Recovery email template.
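The lookup rules in this section, modelled as an added Python example (not Identity Manager code). The two disable flags and the lookupUserIdAttributes key are the names given above; the dictionary layout, the attribute lists, the sample accounts, and the rejection of blank or unlisted fields are assumptions of the sketch.

```python
from dataclasses import dataclass

# Key names come from the page; the dict layout and attribute lists are assumptions.
CONFIG = {
    "ui.web.user.disableForgotUserId": False,
    "ui.web.admin.disableForgotUserId": True,   # e.g. the state after an upgrade
    "security.authn.lookupUserIdAttributes": {
        "User Interface": ["firstname", "lastname", "email"],
        "Administrator Interface": ["email"],
    },
}
FLAGS = {
    "User Interface": "ui.web.user.disableForgotUserId",
    "Administrator Interface": "ui.web.admin.disableForgotUserId",
}

# Constructed sample accounts.
USERS = [
    {"id": "jsmith", "firstname": "Jane", "lastname": "Smith",
     "email": "jane.smith@example.com"},
    {"id": "jsmith2", "firstname": "John", "lastname": "Smith",
     "email": "john.smith@example.com"},
]

@dataclass
class Result:
    status: str        # "disabled", "error" or "mailed"
    mail_to: str = ""  # recipient of the User ID Recovery email, if any
    user_id: str = ""  # value placed in that email

def lookup_user_id(interface, criteria, config=CONFIG, users=USERS):
    """Return the outcome of a Forgot Your User ID? request for one interface."""
    if config[FLAGS[interface]]:
        return Result("disabled")
    allowed = config["security.authn.lookupUserIdAttributes"][interface]
    # Sketch decision: drop blank fields, reject attributes the page does not present.
    given = {k: v.strip().casefold() for k, v in criteria.items() if v.strip()}
    if not given or any(k not in allowed for k in given):
        return Result("error")
    matches = [u for u in users
               if all(u.get(k, "").casefold() == v for k, v in given.items())]
    # Only a single match recovers an ID; zero or several matches is an error.
    if len(matches) != 1:
        return Result("error")
    return Result("mailed", matches[0]["email"], matches[0]["id"])
```
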

Identity Manager End-User Interface

The Identity Manager end-user interface (also known as the “Identity Manager User interface”) presents a limited view of the Identity Manager system. This view is specifically tailored to users without administrative capabilities.

Note –

For instructions on how to log on to the end-user interface, see Logging in to the Identity Manager End-User Interface.

A user can perform various activities from the User interface, such as changing their password, performing self-provisioning tasks, and managing work items and delegations.

Identity Manager can be configured so that users can request an account by clicking a link on the end-user interface login page. For details, see Anonymous Enrollment.

The Five End-User Interface Tabs

The end-user interface is organized into five sections:

Home Tab

When a user logs in to the Identity Manager User interface, any pending work items and delegations for the user are displayed on the Home tab, as illustrated in the following figure.

Figure 2–2 User Interface (Home Tab)

Figure showing the Home Tab in the User Interface.

The Home tab provides quick access to any pending items. Users can click an item in the list to respond to a work item request or perform other available actions.

Work Items Tab

The Work Items tab is further divided into separate Approvals, Attestations, Remediations, and Other tabs. In this area of the user interface, users can approve or reject any pending work items that they own or have the authority to act on.

Requests Tab

The Requests tab has two subtabs: Launch Requests and View.

On the Launch Requests tab users have two choices: Update My Roles and Update My Resources.

The View subtab displays status details for requests submitted by the user. From this area users can view the process status and task results for the requests they submit.

Delegations Tab

From the Delegations tab, users can delegate work items to other Identity Manager users. For example, a user who is the assigned approver for one or more roles can designate that future approval work items be sent to a colleague for a certain amount of time while the user is away on vacation. Using the Delegations page, users can create and manage delegations without requiring the assistance of an administrator.

Profile Tab

End-users can manage their Identity Manager password and account attribute settings from the Profile tab. This tab is divided into the following four subtabs:

Logging in to the Identity Manager End-User Interface

Use the following instructions to log into the Identity Manager End-User Interface.

Procedure: To Open the End-User Interface

  1. Open a Web browser and type the following URL into the address bar:

  2. Enter a user ID and password and click Log In.

    The end-user interface opens.

Retrieving Forgotten User IDs

Identity Manager allows end-users to retrieve their forgotten user IDs. For more information, see Forgotten User ID in the Logging in to the Identity Manager Administrator Interface section.

Help and Guidance

To successfully complete some tasks, you might need to consult Help and Identity Manager guidance (field-level information and instructions). Help and guidance are available from the Identity Manager Administrator and User interfaces.

Identity Manager Help

For task-related help and information, click the Help button, which is located at the top of each Administrator and User interface page, as depicted in the following figure.

Figure 2–3 Help Button in the Identity Manager Interface

Figure showing the Help button.

At the bottom of each Help window is a Contents link that guides you to other Help topics and the Identity Manager terms glossary.

Identity Manager Guidance

Identity Manager guidance is brief, targeted help that appears next to many page fields. Its goal is to help you enter information or make selections as you move through a page to perform a task.

A symbol marked with the letter “i” displays next to fields with guidance. Click the symbol to open a window and display its associated information.

Figure 2–4 Identity Manager Guidance

Figure showing how to access Identity Manager iHelp.

The Identity Manager Debug Page

The administrator interface includes pages that are useful when you need to optimize Identity Manager or troubleshoot a problem. To access these pages open the Identity Manager Debug Page, which is also called the System Settings page.

To open the Identity Manager Debug Page, type the following URL into your browser. (Depending on your platform and configuration, URLs may be case-sensitive.)


Users must have the Debug capability to view /idm/debug/ pages. For information about capabilities, see Assigning Capabilities to Users.

Figure 2–5 The Identity Manager Debug Page (System Settings)

Figure showing the System Settings page used for debugging.

For information about troubleshooting Identity Manager, see Chapter 5, Tracing and Troubleshooting, in Sun Identity Manager 8.1 System Administrator’s Guide.

Identity Manager IDE

The Sun Identity Manager Integrated Development Environment (Identity Manager IDE) provides a graphical view of Identity Manager forms, rules, and workflows. It is a fully integrated NetBeans plugin that is distributed with Identity Manager in the Identity Manager distribution package.

Using the Identity Manager IDE, you create and edit forms that establish the features available on each Identity Manager page. You can also modify Identity Manager workflows, which define the sequence of actions followed or tasks performed when working with Identity Manager user accounts. Additionally, you can modify rules defined in Identity Manager that determine workflow behaviors.

Figure 2–6 Identity Manager IDE Interface

Figure showing the Identity Manager IDE window and interface.

To download the Identity Manager IDE, visit this website:

You can also use the Business Process Editor (BPE) to make customizations, if you have it installed with earlier versions of Identity Manager.

Where to Go from Here

After you become familiar with Identity Manager interfaces and the ways that you can find information, use the following reference to guide you to the topics you want to focus on:

| Chapter | Topic |
| --- | --- |
| Chapter 3, User and Account Management | Describes the Accounts area of the interface and provides procedures for managing user accounts. |
| Chapter 5, Roles and Resources | Describes how to work with Identity Manager roles and resources. |
| Chapter 4, Configuring Business Administration Objects | Describes the configuration tasks and how to set up Identity Manager objects. |
| Chapter 6, Administration | Explains how to create and manage Identity Manager administrators and organizations. |
| Chapter 7, Data Loading and Synchronization | Provides a guide to the features and tools you can use to maintain current data in Identity Manager. |
| Chapter 8, Reporting | Describes the reports and how to generate them. |
| Chapter 9, Task Templates | Describes the Task Templates you can use to configure certain workflow behaviors. |
| Chapter 10, Audit Logging | Describes the audit logs and how the auditing system works. |
| Chapter 11, PasswordSync | Describes how to set up the PasswordSync utility to synchronize password changes in Windows Active Directory domains with Identity Manager. |
| Chapter 12, Security | Describes the security features and how to use them. |
| Chapter 13, Identity Auditing: Basic Concepts | Describes basic auditing concepts. |
| Chapter 14, Auditing: Audit Policies | Describes how to create audit policies. |
| Chapter 15, Auditing: Monitoring Compliance | Describes how to conduct audit reviews and implement practices that help you manage compliance with federally mandated regulations. |
| Chapter 16, Data Exporter | The Data Exporter feature allows you to write information about users, roles, and other object types to an external data warehouse. |
| Chapter 17, Service Provider Administration | Describes features for managing service provider users. |
| Appendix A, lh Reference | Describes commands available from the Identity Manager command line. |
| Appendix B, Audit Log Database Schema | Audit data schema values for the supported database types and audit log database mappings. |
| Appendix C, User Interface Quick Reference | A quick reference to performing administrative tasks in the UI. It shows the primary location where you will go to begin each task, as well as alternate locations or methods (if available) that you can use to perform the same task. |
| Appendix D, Capabilities Definitions | A list of Identity Manager’s default task-based and functional capabilities (with definitions). This appendix also lists the tabs and subtabs that may be accessed with each task-based capability. |