Read this chapter to learn about the Waveset graphical user interfaces (UI) and how you can quickly begin using Waveset.
Topics covered include:
The Waveset system includes two primary graphical interfaces through which users perform tasks. These interfaces are the end-user interface and the administrator interface. The end-user interface (also called the User interface) is discussed later in this chapter on Waveset End-User Interface. The Administrator interface is discussed here.
The Waveset Administrator interface serves as the primary administrative view of the product. Through this interface, Waveset administrators manage users, set up and assign resources, define rights and access levels, and audit compliance in the Waveset system.
Interface organization is represented by these elements:
Navigation bar tabs. Located at the top of each interface page, these tabs let you navigate major functional areas.
Subtabs or menus. Depending on your specific implementation, you may see secondary tabs or menus below each navigation bar tab. These subtab or menu selections let you access tasks within a functional area.
In some areas, such as Accounts, tabbed forms divide longer forms into one or more pages, enabling you to navigate them more easily. This is illustrated in Figure 2–1.
A quick reference to performing administrative tasks in the UI is available in Appendix C, User Interface Quick Reference.
Open a Web browser and type the following URL into the address bar:
http://<AppServerHost>:<Port>/idm/login.jsp |
Enter your user ID and password and click Log In.
The Administrator interface opens if your User ID has assigned capabilities and an assigned controlled organization.
If cookies are enabled in the administrator’s Web browser, administrators will remain logged on to the Administrator interface up to the time allotted by the configured session limit. If cookies are disabled in the browser, then certain actions will cause the system to prompt the administrator to log in again during the session.
These actions include:
Administrator, role, and organization rename cancellation
Organization deletion cancellation
User login module and admin login module creation
To avoid multiple login requests, cookies should be enabled.
Waveset allows an administrator to retrieve his or her forgotten user ID. When an administrator clicks Forgot Your User ID? from the login page, a lookup page appears and requests identity attribute information associated with the account, such as first and last name, email address, or phone number.
Waveset then constructs a query to find a single user matching the entered values. If no match is found, or multiple matches are found, then an error message appears on the Lookup User ID page.
The lookup feature is enabled by default, but you can use one of the following actions to disable this feature:
Set forgotUserIdMode in login.jsp to a value of false.
Edit the system configuration object and set the disableForgotUserId attribute to a value of true for the admin attribute and/or the user attribute.
For instructions on editing the system configuration object, see Editing Waveset Configuration Objects.
If you upgrade from an earlier Waveset version to version 8.1.1, the Forgot Your User ID? feature will be disabled by default.
To enable this feature, you must modify the following attributes in the System Configuration object (Editing Waveset Configuration Objects):
ui.web.user.disableForgotUserId = false ui.web.admin.disableForgotUserId = false |
The set of user attribute names presented are configured through the system configuration attributes security.authn.lookupUserIdAttributes.<Administrator Interface | User Interface>. The attributes that can be specified are those defined as queryable attributes in the IDM Schema Configuration configuration object.
If recovered, then Waveset sends email to the email address of the recovered user by using the User ID Recovery email template.
The Waveset end-user interface (also known as the Waveset user interface) presents a limited view of the Waveset system. This view is specifically tailored to users without administrative capabilities.
For instructions on how to log on to the end-user interface, see Logging in to the Waveset End-User Interface.
A user can perform various activities from the User interface, such as changing their password, performing self-provisioning tasks, and managing work items and delegations.
Waveset can be configured so that users can request an account by clicking a link on the end-user interface login page. For details, see Anonymous Enrollment.
The end-user interface is organized into the following tabs:
When a user logs in to the Waveset User interface, any pending work items and delegations for the user are displayed on the Home tab, as illustrated in the following figure.
The Home tab provides quick access to any pending items. Users can click an item in the list to respond to a work item request or perform other available actions.
The Work Items tab is further divided into separate Approvals, Attestations, Remediations, and Other tabs. In this area of the user interface users can approve or reject any pending work items that the user owns or has the authority to act on.
The Requests tab has two subtabs: Launch Requests and View.
On the Launch Requests tab users have two choices: Update My Roles and Update My Resources.
On the Update My Roles page, users can request from a list of available roles that may be appropriate for the user. When the end-user submits a role request, a work item is generated and an approval notification is sent to the designated approvers for that role. End-users can also request that they be removed or deassigned from one or more roles.
See the Chapter 5, Roles and Resources chapter for information on how to create optional roles that end-users can request access to.
On the Update My Resources page, users can request from a list of individual resources that may be appropriate for the user. As with role-requests, resource-requests generate work items that require an approval before they can be processed.
The View subtab displays status details for requests submitted by the user. From this area users can view the process status and task results for the requests they submit.
From the Delegations tab, users can delegate work items to other Waveset users. For example, a user who is the assigned approver for one or more roles can designate that future approval work items be sent to a colleague for a certain amount of time while the user is away on vacation. Using the Delegations page, users can create and manage delegations without requiring the assistance of an administrator.
End-users can manage their Waveset password and account attribute settings from the Profile tab. This tab is divided into the following four subtabs:
Change Password. End-users can change their password on a selected resource or on all resources.
Account Attributes. End-users can change certain attributes, such as the account email address that Waveset sends account notifications to.
Authentication Questions. Used to manage authentication questions and answers for the user account.
Access Privileges. Lists the user’s currently assigned role and resource assignments.
Use the following instructions to log into the Waveset End-User Interface.
Open a Web browser and type the following URL into the address bar:
http://<AppServerHost>:<Port>/idm/user/login.jsp |
Enter a user ID and password and click Log In.
The end-user interface opens.
Waveset allows end-users to retrieve their forgotten user IDs. For more information, see Forgotten User ID in the Logging in to the Waveset Administrator Interface section.
To successfully complete some tasks, you might need to consult Help and Waveset guidance (field-level information and instructions). Help and guidance are available from the Waveset Administrator and User interfaces.
For task-related help and information, click the Help button, which is located at the top of each Administrator and User interface page, as depicted in the following figure.
At the bottom of each Help window is a Contents link that guides you to other Help topics and the Waveset terms glossary.
Waveset guidance is brief, targeted help that appears next to many page fields. Its goal is to help you enter information or make selections as you move through a page to perform a task.
A symbol marked with the letter “i” displays next to fields with guidance. Click the symbol to open a window and display its associated information.
The administrator interface includes pages that are useful when you need to optimize Waveset or troubleshoot a problem. To access these pages open the Waveset Debug Page, which is also called the System Settings page.
To open the Waveset Debug Page, type the following URL into your browser. (Depending on your platform and configuration, URLs may be case-sensitive.)
http://<AppServerHost>:<Port>/idm/debug/session.jsp
Users must have the Debug capability to view /idm/debug/ pages. For information about capabilities, see Assigning Capabilities to Users.
For information about troubleshooting Waveset, seeChapter 5, Tracing and Troubleshooting, in Oracle Waveset 8.1.1 System Administrator’s Guide.
The Identity Manager Integrated Development Environment (Identity Manager IDE) provides a graphical view of Waveset forms, rules, and workflows. It is a fully integrated NetBeans plug-in that is distributed with Waveset in the Waveset distribution package.
Using the Identity Manager IDE, you create and edit forms that establish the features available on each Waveset page. You can also modify Waveset workflows, which define the sequence of actions followed or tasks performed when working with Waveset user accounts. Additionally, you can modify rules defined in Waveset that determine workflow behaviors.
To download the Identity Manager IDE, visit this website:
https://identitymanageride.dev.java.net/
You can also use the Business Process Editor (BPE) to make customizations, if you have it installed with earlier versions of Waveset.
After you become familiar with Waveset interfaces and the ways that you can find information, use the following reference to guide you to the topics you want to focus on:
Chapter Topic |
Description |
---|---|
Describes the Accounts area of the interface and provides procedures for managing user accounts. |
|
Describes how to work with Waveset roles and resources. |
|
Describes the configuration tasks and how to set up Waveset objects. |
|
Explains how to create and manage Waveset administrators and organizations. |
|
Provides a guide to the features and tools you can use to maintain current data in Waveset. |
|
Describes the reports and how to generate them. |
|
Describes the Task Templates you can use to configure certain workflow behaviors. |
|
Describes the audit logs and how the auditing system works. |
|
Describes how to set up the PasswordSync utility to synchronize password changes in Windows Active Directory domains with changes with Waveset. |
|
Describes the security features and how to use them. |
|
Describes basic auditing concepts. |
|
Describes how to create audit policies. |
|
Describes how to conduct audit reviews and implement practices that help you manage compliance with federally mandated regulations |
|
The Data Exporter feature allows you to write information about users, roles, and other object types to an external data warehouse. |
|
Describes features for managing service provider users. |
|
Describes commands available from the Waveset command line. |
|
Audit data schema values for the supported database types and audit log database mappings |
|
A quick reference to performing administrative tasks in the UI. It shows the primary location where you will go to begin each task, as well as alternate locations or methods (if available) that you can use to perform the same task. |
|
A list of Waveset’s default task-based and functional capabilities (with definitions). This appendix also lists the tabs and subtabs that may be accessed with each task-based capability. |