Sun Java System Access Manager 7 2005Q4 Administration Guide

ProcedureTo Edit the User Profile

When a user who has not been assigned an administrative role authenticates to the Access Manager, the default view is their own User Profile. Additionally, administrators with the proper privileges can edit user profiles. In this view the user can modify the values of the attributes particular to their personal profile. The attributes displayed in the User Profile view can be extended. For more information on adding customized attributes for objects and identities, see the Access Manager Developer's Guide.

  1. Select the user who's profile is to be edited. By default, the General view is displayed.

  2. Edit the following fields:

    First Name

    This field takes the first name of the user.

    Last Name

    This field takes the last name of the user.

    Full Name

    This field takes the full name of the user.


    Click the Edit link to add and confirm the user password.

    Email Address

    This field takes the email address of the user.

    Employee Number

    This field takes the employee number of the user.

    Telephone Number

    This field takes the telephone number of the user.

    Home Address

    This field can take the home address of the user.

    User Status

    This option indicates whether the user is allowed to authenticate through Access Manager. Only active users can authenticate through Access Manager. The default value is Active. Either of the following can be selected from the pull-down menu: .

    • Active — The user can authenticate through Access Manager.

    • Inactive — The user cannot authenticate through Access Manager, but the user profile remains stored in the directory.

      Note –

      Changing the user status to Inactive only affects authentication through Access Manager. The Directory Server uses the nsAccountLock attribute to determine user account status. User accounts inactivated for Access Manager authentication can still perform tasks that do not require Access Manager. To inactivate a user account in the directory, and not just for Access Manager authentication, set the value of nsAccountLock to false. If delegated administrators at your site will be inactivating users on a regular basis, consider adding the nsAccountLock attribute to the Access Manager User Profile page. See the Sun Java System Access Manager 7 2005Q4 Developer’s Guide for details.

    Account Expiration Date

    If this attribute is present, the authentication service will disallow login if the current date and time has passed the specified Account Expiration Date. The format for this attribute is mm/dd/yyyy hh:mm.

    User Authentication Configuration

    This attribute sets the authentication chain for the user.

    User Alias List

    The field defines a list of aliases that may be applied to the user. In order to use any aliases configured in this attribute, the LDAP service has to be modified by adding the iplanet-am-user-alias-list attribute to the User Entry Search Attributes field in the LDAP service.

    Preferred Locale

    This field specifies the locale for the user.

    Success URL

    This attribute specifies the URL that the user will be redirected to upon successful authentication.

    Failure URL.

    This attribute specifies the URL that the user will be redirected to upon unsuccessful authentication.

    Password Reset Options

    This is used to select the questions on the forgotten password page, which is used to recover a forgotten password.

    User Discovery Resource Offering

    Sets the User Discovery service's resource offering for the user.

    MSIDSN Number

    Defines the user's MSISDN number if using MSISDN authentication.