Sun Identity Manager 8.1 Business Administrator's Guide

Anonymous Enrollment

The anonymous enrollment feature allows a user without an Identity Manager account to obtain one by request.

Enabling Anonymous Enrollment

By default, the anonymous enrollment feature is disabled.

ProcedureTo Enable the Anonymous Enrollment Feature

  1. In the Administrator interface, click Configure, and then click User Interface.

  2. In the Anonymous Enrollment area, select the Enable option, and then click Save.

    When a user logs in to the User interface, the login page will display the text First time user? followed by a Request Account link.

    Note –

    The text First time user? Request Account is customizable. See the Sun Identity Manager Deployment Guidefor details.

    Figure 3–11 The User Interface Page With the “Request Account” Link Enabled

    Figure illustrating the Identity Manager Log In Screen
with the “Request Account” Link Enabled

Configuring Anonymous Enrollment

From the Anonymous Enrollment area on the User Interface page, you can configure the following options for the anonymous enrollment process:

Click Save when finished.

User Enrollment Process

When a user logs on to the User interface, that user can request an account by clicking Request Account on the login page.

Identity Manager displays the first of two registration pages, which requests a first name, last name, and employee ID. If the Enable Validation attribute is set to yes (the default), then this information must be validated before the user can proceed to the next page.

The verifyFirstname, verifyLastname, verifyEmployeeId, and verifyEligibility rules in EndUserLibrary validate the information for each attribute.

Note –

You may need to modify one or more of these rules. In particular, you should modify the rule that verifies the employee ID to use a Web services call or Java class to verify the information.

If the Enable Validation attribute is disabled, then the initial registration page does not display. In this case, you must modify the End User Anonymous Enrollment Completion form to allow the user to enter information normally captured by the initial validation form.

From the information provided on the Registration page, Identity Manager generates:

If the information provided by the user on the Registration page validates correctly, then Identity Manager presents the user with the second Registration page. Here the user must enter a password and password confirmation. If the Require Privacy Policy attribute is set to yes, then the user must also select an option to accept the terms of the privacy policy.

When the user clicks Register, Identity Manager presents a confirmation page. If the Enable Notifications attribute is set to yes, then the page indicates the user will receive email notification when he account has been created.

The account is created after the standard Create User process (including approvals required by the idmManager attribute and policy settings) is complete.