Sun Identity Manager 8.1 Business Administrator's Guide

Search Service Provider Users

Service Provider includes a configurable search capability to aid in administering user accounts. Only the users within your scope, (as defined by your organization, and perhaps other factors) are returned in a search.

To perform a basic search of service provider users, from the Accounts area in the Identity Manager interface, click Manage Service Provider Users, then enter the search value and click Search.

The following topics discuss the Service Provider search features:

Advanced Search

Use the following instructions to perform an Advanced Search of Service Provider users.

ProcedureTo Perform an Advanced Search of Service Provider Users

  1. From the Service Provider Users Search page, click Advanced.

  2. Choose the desired Attribute from the list.

  3. Choose the desired Operation from the list.

    You are specifying a set of conditions in order to filter the users returned from the search and that the users returned must meet all of the specified conditions.

  4. Enter the desired search value, and then click Search.

    Figure 17–10 Search Users

    Figure illustrating how to search for Service Provider Users

    You can add or remove Attribute Conditions, using the following options:

    • Click Add Condition and specify the new attribute.

    • Select the item and click Remove Selected Conditions.

Search Results

Service Provider search results are displayed in a table, as depicted in Figure 17–11. The results can be sorted by any attribute by clicking on the column header for that attribute. The results displayed depend on the attributes you selected.

The arrow buttons navigate to the first, previous, next, and last pages of results. You can jump to a specific page by entering the number in the text box and pressing Enter.

To edit a user, click the user name in the table.

Figure 17–11 Example of Search Results

Figure showing example Search results

The search results page enables you to delete users or unlink resource accounts, by selecting one or more users and clicking the Delete button. This action brings up a delete user page and presents additional options (see Delete, Unassign, or Unlink Accounts)

Link Accounts

Service Provider may be installed in environments in which users have accounts on multiple resources. The account linking feature of Service Provider enables you to assign existing resource accounts to Service Provider users in an incremental fashion. The account linking process is controlled by the Service Provider linking policy, which defines a link correlation rule, a link confirmation rule, and a link verification option.

ProcedureTo Link User Accounts

  1. In the Administrator interface, click Resources in the menu bar.

  2. Select the desired resource.

  3. Select Edit Service Provider Linking Policy from the Resources Action menu.

  4. Select a link correlation rule. This rule searches for accounts on the resource that the user may own.

  5. Select a link confirmation rule. This rule eliminates any resource accounts from the list of potential accounts that the link correlation rule selects.

    Note –

    If the link correlation rule selects no more than one account, then the link confirmation rule is not required.

  6. Select Link verification required to link the target resource account to the Service Provider user.

Delete, Unassign, or Unlink Accounts

ProcedureTo Delete, Unassign, or Unlink User Accounts

  1. Click Accounts from the menu bar.

  2. Click Manage Service Provider Users.

  3. Perform a basic or advance search.

  4. Select the desired user or users.

  5. Click the Delete button.

  6. Select one of the optional global options.

    These options include:

    • Delete All resource accounts

      Note –

      Deleting a resource deletes the account, but the resource assignment still exists. A subsequent update of the user recreates the account. Delete always implies an unlink of the resource account.

    • Unassign All resource accounts

      Note –

      Unassigning a resource removes that resource assignment. Unassign implies an unlink of the resource account. The resource account is not deleted when the resource is unassigned.

    • Unlink All resource accounts

      Note –

      Unlinking removes the link between a user and the resource account, but this does not delete the account. The resource assignment is not removed either, so a subsequent update to the user relinks the account or creates a new account on the resource.

  7. Alternatively, select an action for one or more resource accounts in the Delete, Unassign, or Unlink columns.

  8. After selecting the desired user accounts, click OK.

    Figure 17–12 Delete, Unassign, or Unlink Accounts

    Figure showing the options used for deleting, unassigning,
and unlinking all resource accounts

Set Search Options

ProcedureTo Set Search Options for Service Provider Users,

  1. In the Administrator interface, click Accounts in the menu bar.

  2. Click Service Provider.

  3. Click Options.

    Note –

    These options are only valid for the current login session. The options effect how the search results are displayed, that they effect both the basic and advanced search results, and that some settings only take effect on new searches.

  4. Enter the Maximum Results Returned.

  5. Enter the Number of Results Per Page.

  6. Choose the desired Display Attribute from the Available Attributes using the arrow keys.

    Figure 17–13 Set Search Options for Service Provider Users

    Figure showing how to set the search options for Service Provider users