Sun Identity Manager 8.1 Business Administrator's Guide

Create Users and Accounts

All service provider users must have an account in the Service Provider directory. If a user has accounts on other resources, then links to these accounts are stored in the user’s directory entry, so information about these accounts is available when the user is viewed.

Note –

A sample Service Provider User Form for creating and editing users is provided. Customize this form to meet the requirements for managing users in your Service Provider environment. For more information, see Chapter 3, Identity Manager Forms, in Sun Identity Manager Deployment Reference.

ProcedureTo Create a Service Provider Account

  1. In the Administrator interface, click Accounts on the menu bar.

  2. Click the Manage Service Provider Users tab.

  3. Click Create User.

    Note –

    When using the default Service Provider User Form the actual fields that are displayed depend on the attributes configured in the Account Attributes table (Schema map) of the Service Provider directory resource. Also, when you assign resources to the user (such as a delegated administrator), you should see new sections added to the display where you can specify values for the attributes for those resources. You may also customize the fields.

  4. Specify attribute values for these resources as required.

    These attribute values include:

    • accountid (required)

    • password

    • confirmation (password confirmation)

    • firstname (required)

    • lastname (required)

    • fullname

    • email

    • home phone

    • cell phone

    • password retry count

    • account unlock time

  5. Assign any desired Resources from the Available listing by using the arrow keys.

  6. The Account Status displays whether the account is locked or unlocked. Click this option to lock or unlock the account.

    Figure 17–9 Create Service Provider Users and Accounts

    Figure showing the Create Service Provider Account page

    Note –

    This form automatically populates values for the resource account attributes based on the attributes defined for the directory account (at the top). For example, if the resource defines firstName, then the product populates it with the firstName value from the directory account. However, after this initial population, modifications to these attributes are not propagated to the resource accounts. If desired, customize the provided sample Service Provider User Form.

  7. Click Save to create the user account.