The following subcommands execute operations for managing identities associated with OpenSSO Enterprise.
Add an identity as a member of another identity.
ssoadm add-member --options [--global-options]
The name of the realm.
The name of the member's identity.
The type of the member's identity. For example, User, Role or Group.
The name of the identity.
The type of the identity.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add privileges to an identity.
ssoadm add-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The names of the privileges to be added.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add a service to an identity.
ssoadm add-svc-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Create an identity in a realm.
ssoadm create-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, inetuserstatus=Active.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Delete the identities in a realm.
ssoadm delete-identities --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the identity property values.
ssoadm get-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute names. All attribute values will be returned if this option is not provided.
Get the service in an identity.
ssoadm get-identity-svcs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Attribute name(s). All attribute values shall be returned if the option is not provided.
List the identities in a realm.
ssoadm list-identities --options [--global-options]
The name of the realm.
Filter by a pattern.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the assignable services for an identity.
ssoadm list-identity-assignable-svcs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the membership of an identity from another identity.
ssoadm remove-member --options [--global-options]
The name of the realm.
The name of the member's identity.
The type of the member's identity. For example, User, Role or Group.
The name of the identity.
The type of the identity.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the privileges from an identity.
ssoadm remove-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The names of the privileges to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove a service from an identity.
ssoadm remove-svc-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the attribute values of an identity.
ssoadm set-identity-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Set the service attribute values of an identity.
ssoadm set-identity-svc-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Show the allowed operations of an identity in a realm.
ssoadm show-identity-ops --options [--global-options]
The name of the realm.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the service attribute values of an identity.
ssoadm show-identity-svc-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the supported identity types in a realm.
ssoadm show-identity-types --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the members of an identity. For example, the members of a role.
ssoadm show-members --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The membership identity type.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the memberships of an identity. For example, the memberships of a user.
ssoadm show-memberships --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The membership identity type.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the privileges assigned to an identity.
ssoadm show-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.