3 Managing Users

The Provisioning Gateway Administrative Console provides controls to configure user rights and activities. This chapter discusses the Console pages that contain these user settings.

3.1 Manage SSO Users Page

This page allows you to search for users and to add, modify, or delete their credentials. You can search for users by name or by their logons.

3.1.1 Finding Users

Use these parameters to specify the scope and specificity of a user search.

  • Show user(s) with User Name. Enter the user name to search for. Leave this field blank to perform a search on all users. In the drop-down list, select either substring match or exact match.

  • Only show users who have logons for. This list includes all the possible applications available to users in your organization. Select one or more application to filter the result to show only users who have logons for these applications.

  • Show additional information. The search results list the usernames. The search results can also show Logons or Pending Provisioning Instructions. Select either of these options if desired.

Click Find Users after you have entered all necessary information.

3.1.2 Search Results

The results list the User Name and, depending on whether additional information was selected, Logons and, if applicable, any Pending Provisioning Instructions. Use the buttons (which highlight on mouse-over) to add, delete, and modify users. Click on a user's name to view or edit that user's profile.

Note:

You cannot provision applications that are not predefined (for example, on-the-fly Web applications).
New Logon icon Add New Logon
Delete icon Delete SSO User or

Delete Logon or

Cancel Provisioning Request
Modify Logon icon Modify Logon

3.1.2.1 Managing Users

The following settings provide control over SSO users.

3.1.2.1.1 Add New Logon

This page allows you to create a provisioning instruction to add a new application logon for a specific user. This page is accessed by searching for a user on the Manage SSO Users page and clicking the button next to the User Name.

  • Add Logons

    • SSO User. The Logon Manager user name selected from the user search results.

    • Application. Lists all of the available applications. There is also an option to not list applications that user already has a logon for. After an application is selected, the Logon Information section refreshes and text boxes appear for each field required by the selected application.

    • Description. Allows you to modify a logon's description field as seen in the Logon Manager Logon Manager. This field is optional.

  • Logon Information

    • User ID. User's username or ID for the application.

    • Password/Confirm Password. User's password for the application.

      Note:

      After the User ID field is created, it cannot be modified. If a User ID must be changed, you must delete the existing logon and add a new logon with a new User ID. Depending on the requirements of the application being added, you might be prompted for additional fields, such as a Third or Fourth Field. Similarly, some applications might not require all of the fields. In such cases, the unnecessary fields do not appear.

      When you have entered all the required information, click Add Logon to submit your add request.

3.1.2.1.2 Delete SSO User

This dialog asks if you are sure that you want to delete the selected SSO user. Click OK to delete or Cancel if do not want to delete this user. When you click OK, a message will confirm that this user has been deleted.

Access this dialog by searching for a user on the Manage SSO Users page and clicking the button next to User Name.

3.1.2.1.3 Delete Logon

This dialog asks if you are sure that you want to delete the selected logon. Click OK to delete or Cancel if you do not want to delete this logon. When you click OK, a message will confirm that this logon has been deleted. Access this dialog by searching for a user on the Manage SSO Users page and clicking the button next to Logon.

3.1.2.1.4 Cancel Request

This dialog asks if you are sure that you want to cancel the pending provisioning instruction. Click OK to cancel or Cancel if you do not want to cancel this request. When you click OK, the page will refresh and the pending provisioning instruction will no longer be displayed. Access this dialog by searching for a user on the Manage SSO Users page and clicking the button next to Pending Provisioning Request.

3.1.2.1.5 Modify Logon

This page allows you to modify an application logon. Any fields that you leave blank on this page will not be changed. Access this page by searching for a user on the Manage SSP Users page and clicking the button next to User Name.

  • Logon to Modify

    • SSO User. The Logon Manager user name selected from the user search results.

    • Application. The application to be modified.

    • User ID. Username or ID for the application.

      Note:

      After the User ID field is created, it cannot be modified. If a User ID must be changed, you must delete the existing logon and add a new logon with a new User ID.

      If a logon does not have User ID associated with it, the password field cannot be modified. A User ID must exist in order to modify the password. Logons that do not have a User ID associated with them should be deleted and recreated with a User ID, if a new one is required.

  • New Logon Information

    • Password/Confirm Password. User's password for the application.

    • Description. Allows you to modify a logon's description field as seen in the Provisioning Gateway Logon Manager.

    • Third Field. The third field for this logon.

    • Fourth Field. The fourth field for this logon.

      Note:

      Third and Fourth Fields are required only if the identified application is configured with a Third or Fourth Field. Depending on the requirements of the application being added, you might be prompted for additional fields. Some applications might not require all of the fields. In such cases, the unnecessary fields do not appear.

      When you have entered all the necessary information, click Modify Logon to submit your modify request.

3.1.2.1.6 Edit User

This page displays the selected user's logons and any pending provisioning instructions. Access this page by searching for a user on the Manage SSO Users page and clicking on the user's name in the search results list.

User Name Displays the selected user's name.
New Logon icon Click to add a new logon for this user.
Delete icon Click to delete this user.
Logons Lists the logons assigned to the user.

Use the links and buttons (which highlight on mouse-over) to add, delete, and modify user logons.

Delete All Logons Removes all logon credentials from the user's directory.
Advanced Delete Allows you to generate a custom delete request.
Delete icon Deletes the specific logon associated with this user.
Modify icon Changes a user's logon credentials for a specific logon.

Note:

If a logon does not have a user ID associated with it, the password field cannot be modified. Any credentials that do not have a user ID associated with them should be deleted and replaced.
Pending Provisioning Items Displays any provisioning instructions pending for the selected user. Displays the provisioning instruction (such as add or delete), the application, and the creation and execution date for the provisioning instruction. Click Cancel Instruction to delete this instruction from the repository.

3.1.2.1.7 Advanced Delete

  • SSO User. Displays the Logon Manager user name selected from the user search results.

  • Application. Lists the applications that can be deleted from this user. Select the application to delete from the drop-down list. The credential fields associated with the selected application are displayed. You must fill in all the credential fields exactly as they are stored in the directory:

    • User ID. Enter the User ID.

    • Password/Confirm Password. User's password for the application. These fields only appear if the application is configured to only have a password field.

    • Description. Logon's description field as seen in the Logon Manager Logon Manager.

    • Third Field. The third field for this application logon.

    • Fourth Field. The fourth field for this application logon.

When you have entered all the information has been entered, click Submit to submit your delete request.

3.1.2.1.8 Add New SSO User

This page allows you to create new Logon Manager users. This creates a storage object in the repository for the user. After the user is created, the Add New Logon page appears so that you can add applications for the new user.

User Name. Enter the user name to add. Click Next. The Add New Logon screen opens.

Note:

The user name must exist in the directory. If it does not, an error will occur.