Provisioning Access Through the Gatekeeper

The Gatekeeper is a Campus Solutions security utility that dynamically provisions application-level security access for a newly authenticated user and orchestrates navigation to Campus Solutions pages, or even to destinations outside of Campus Solutions. Before redirecting a user to a specific target page, the Gatekeeper also validates that the self-service requestor is authorized (provisioned) to access the particular self-service application.

The New User Registration framework is based on PeopleTools web services and is therefore usable from any technology that supports SOAP over HTTP web service integration.

The Gatekeeper and New User Registration

The New User Registration framework, after having successfully authenticated a user to your system, uses the Gatekeeper to optionally perform the following two tasks:

  1. Provision the newly authenticated user with the security needed to perform the self-service transaction for which the user has signed in through New User Registration.

  2. Transfer the newly authenticated user to the target page defined for the self-service transaction for which the user has signed in through New User Registration.

Application-level provisioning is performed just in time: the user's user profile is provisioned with the roles listed in the New User Registration Context ID being used, at the final moment when the user accesses the Campus system to perform a specific self-service transaction. Once provisioning is complete, if a target page is entered in the New User Registration Context ID, the Gatekeeper verifies that the user has security access to the target page and, if so, transfers the user.

The context in which the security role and the target page are defined is specific to the self-service transaction. The information is set up in the New User Registration Context setup page and stored under a New User Registration Context ID. The New User Registration Context ID is what the Gatekeeper needs to know to perform the security provisioning and the page transfer.

The use of the Gatekeeper within New User Registration is possible when the New User Registration login page is accessed from a launching point to perform a subsequent self-service transaction. For example, from your institution’s web site, you could advertise that it is possible to apply online at your institution and display a Click here to apply link. The link URL must include:

  • the content reference where the New User Registration login page is located so the user can be redirected to it

  • gatekeeper information

  • (optional) New User Registration context ID

From the launching point, the user is transferred to the New User Registration login page. Once the user is successfully authenticated, New User Registration uses the Gatekeeper and the New User Registration Context ID passed in the URL to provision the security role(s) related to the self-service transaction (for example, the security role needed to access the Online Application page). It then transfers the user directly to the target page defined for the self-service transaction for which the user launched the New User Registration process. When no New User Registration Context ID is passed, the Gatekeeper uses the New User Registration Context ID you marked as the default.
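The flow described above, modeled as an added example (not PeopleSoft or PeopleCode source): context resolution with the default fallback, just-in-time role provisioning, and the access check that precedes the transfer. Every context ID, role and page name is constructed, and rejecting an unknown context ID is an assumption, since the page only describes the case where no ID is passed.

```python
# Simplified model of the Gatekeeper flow; the user is assumed to be authenticated already.
# Every name below (context IDs, roles, pages) is constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Context:
    roles: tuple              # roles listed in the context
    target_page: str = ""     # optional target page
    is_default: bool = False  # the context marked as the default

@dataclass
class User:
    user_id: str
    roles: set = field(default_factory=set)

# Constructed context setup and role-to-page permissions.
CONTEXTS = {
    "APPLY": Context(("APPLICANT",), "ONLINE_APPLICATION", is_default=True),
    "EVENT": Context(("EVENT_GUEST",)),                         # no target page
    "BROKEN": Context(("EVENT_GUEST",), "ONLINE_APPLICATION"),  # role lacks the page
}
ROLE_PAGES = {"APPLICANT": {"ONLINE_APPLICATION"}, "EVENT_GUEST": {"EVENT_SIGNUP"}}

def resolve_context(context_id):
    """Return the context for the ID from the URL, or the default when none is passed."""
    if context_id is None:
        defaults = [c for c in CONTEXTS.values() if c.is_default]
        if len(defaults) != 1:
            raise LookupError("exactly one default context is required")
        return defaults[0]
    if context_id not in CONTEXTS:
        # Assumption: an ID that matches no configured context fails closed.
        raise LookupError(f"unknown context ID: {context_id!r}")
    return CONTEXTS[context_id]

def gatekeeper(user, context_id=None):
    """Provision the context's roles, then return the page to transfer to, or None."""
    ctx = resolve_context(context_id)   # raises before any role is granted
    user.roles.update(ctx.roles)        # just-in-time provisioning
    if not ctx.target_page:
        return None                     # provisioning only, no transfer
    # Transfer only if a role the user now holds grants the target page.
    allowed = any(ctx.target_page in ROLE_PAGES.get(r, ()) for r in user.roles)
    return ctx.target_page if allowed else None
```

The `BROKEN` context shows a setup mismatch: the role is still provisioned, but the access check withholds the transfer.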

Warning! When you deploy the New User Registration framework, all the existing users you have in your system will need to have access to the Gatekeeper in order to use their existing user ID to sign in through a New User Registration login page. New users (guests creating a user ID through New User Registration) will be provisioned with the Gatekeeper security as part of the “basic provisioning” defined in the SCC_SS_TEMPLATE user ID.