Step 1: Initial Setup for New User Registration

To create user accounts, New User Registration requires two pre-defined user profiles set with the following user IDs: SCC_GUEST and SCC_SS_TEMPLATE.

Once created, those user profiles can be used as templates to grant your guests basic security access to your PeopleSoft system.

To be provisioned with application-level security and be transferred to a specific target page, the newly created user ID must be provisioned with a security role granting access to the Gatekeeper.

Creating a Role

You must create a role that contains security access to the security objects that are needed to use New User Registration (e.g. Gatekeeper and Forgot Password/Forgot User ID utilities). To create the role, use the Roles component (PeopleTools, and then Security, and then Permissions & Roles, and then Roles), then enter the following information:

Field: Value

Role Name: <name of your choice, e.g. ‘CS - NUR GateKeeper’>

Description: <description of your choice>

Permission Lists:

HCCPCSSA1200 - CS NUR GateKeeper. This permission list is delivered with your system. It grants security access to generic NUR objects:

  • Web library: WEBLIB_SCC_NUR. This web library contains the following permissions and access should be set accordingly:

    • SCC_SS_AUTOLOGGER.FieldFormula.IScript_SCC_AutoLogger = Full Access

    • SCC_SS_GATEKEEPER.FieldFormula.IScript_SCC_GateKeeper = Full Access

    • SCC_SS_GATEKEEPER.FieldFormula.IScript_SCC_setPSToken = No Access

  • Page access

    • Menu Name = SCC_NUR

    • Component Name = SCC_NUR_REG (contains the delivered NUR sample login page)

  • Web services used for generic registration and authentication logic

    • SCC_USERREG_AUTHENTICATION (Full Access)

    • SCC_USERREG_CREATEACCT (Full Access)

HCCPCSSA1210 - CS NUR Utilities. This permission list is delivered with your system. It grants security access to optional NUR utilities such as Forgot Password and Forgot User ID:

  • Page access to the PeopleTools delivered ‘Change My Password’

    • Menu Name = MAINTAIN_SECURITY

    • Component Name = CHANGE_PASSWORD

  • Web services used for the Forgot Password and the Forgot User ID utilities:

    • SCC_USERREG_GET_PASSWORD (Full Access)

    • SCC_USERREG_GET_USERID (Full Access)

    • SCC_USERREG_GET_PSWD_HINT (Full Access)

  • Component Interface: SCC_NUR_EMAIL_PSWD

    • Cancel – Full Access

    • Find – Full Access

    • Get – Full Access

    • Save – Full Access

  • Component Interface: USERPROFDIST_ADD_CI

    • Cancel – Full Access

    • Find – Full Access

    • Get – Full Access

    • Save – Full Access

  • Component Interface: USERPROFDIST_UPD_CI

    • Cancel – Full Access

    • Find – Full Access

    • Get – Full Access

    • Save – Full Access

  • Allow Password to be Emailed = ‘Y’ (used for the Forgot Password utility).

Role Grant

Any role that includes permission lists allowing NUR Gatekeeper access, and that is used to grant security access to other roles, must include Role Grant definitions.

See PeopleTools: Security Administration, “Implementing Distributed User Profiles”.

Creating SCC_GUEST user ID

In PeopleTools 8.5+, any anonymous inbound request originates from the ANONYMOUS node. For example, when a guest (unknown person) requests a user ID, the user registration service operation associates the request with the ANONYMOUS node.

To enable anonymous access to Campus Solutions web services in a secure fashion, the PeopleSoft system, by default, associates all anonymous requests with a default account: SCC_GUEST. Therefore, to use New User Registration, you need to set up a default user profile that has minimal system access. This default user profile should be set with the User ID SCC_GUEST.

To create the SCC_GUEST account, use the User Profiles component (PeopleTools, and then Security, and then User Profiles, and then User Profiles) and enter the following information:

Field or Control: Description

User ID: SCC_GUEST

Symbolic ID: <As defined for your institution>

Password: <password of your choice>

Confirm Password: <password of your choice>

Language Code: <Language of your choice>

ID Type: None

Role Name: PeopleTools and Standard Non-Page Permissions and either CS – NUR GateKeeper or the role name you created above to grant access to the New User Registration Gatekeeper.

Note: The anonymous user needs access to a role that contains the permission list HCCPCSSA1210 – CS NUR Utilities. In this way, the anonymous user can use the Forgot User ID and Forgot Password utilities.

Perform the following steps to update the ANONYMOUS Integration Broker node:

  1. Access the Node Definitions page (PeopleTools, and then Integration Broker, and then Integration Setup, and then Nodes), and select Node Name ANONYMOUS.

  2. In the Node Definitions tab, ensure that Node Type is set to External, the Default User ID is set to SCC_GUEST, and the Active Node and Segment Aware options are selected.

  3. In the WS Security tab, enable WS-Security for this node by selecting an authentication token type (for instance Username Token).

Note: It is assumed that you have performed and validated all the basic Integration Broker setups prior to setting up the node. See PeopleTools: Integration Broker for information on Integration Broker gateway setup and service configuration.

Creating SCC_SS_TEMPLATE User ID

After successfully processing the user registration request, the user registration service operation creates a new account for the user. In other words, the service operation creates a PeopleTools user profile for the guest. The service operation uses the template account SCC_SS_TEMPLATE to clone its security setup and create a new account for the guest.

Create the SCC_SS_TEMPLATE account and assign any common default values that your institution wants new users to automatically receive when registering. To be authenticated to your system through New User Registration, the new user needs to have access to the Gatekeeper. Add to this user ID template the role you created above to grant access to the Gatekeeper.

To create the SCC_SS_TEMPLATE account, use the User Profiles component (PeopleTools, and then Security, and then User Profiles, and then User Profiles) and enter the following information:

Field or Control: Description

User ID: Enter SCC_SS_TEMPLATE.

Symbolic ID: <As defined for your institution>

Password: <password of your choice>

Confirm Password: <password of your choice>

Language Code: <Language of your choice>

Navigator Homepage: Enter HCSPNAVHP.

Process Profile: Enter HCSPPRFL.

Primary: Enter HCPPALL. A Primary Permission List must be identified because personal data information takes its security information from it. For example, Citizenship, Visa Permit, Demographic Data Access (DDA), and so on.

Row Security: Enter HCDPALL.

ID Type: None

Role Name: Examples: PeopleSoft User, Standard Non-Page Permissions and either CS – NUR GateKeeper or the role name you created above to grant access to the New User Registration Gatekeeper. Also add any other roles you want to grant to your guests at the moment of registration.

Make sure the role names you include in this generic user ID template only grant access to basic components and security objects to access your PeopleSoft Campus Solutions system. The role names provided here are only examples.

WARNING:

The information given in the grid above related to SCC_SS_TEMPLATE role assignment and configuration is for use only in a testing or demo environment. Before migrating your transaction setup and the web services to a production environment, it is recommended that you complete a thorough analysis of your institution's security requirements.

It is also recommended that you allocate the SCC_SS_TEMPLATE user ID only the minimal amount of system access required to execute the needed web services for your self-service transactions. You define Web Services access under PeopleTools, and then Security, and then Permissions & Roles, and then Permission Lists, and then Web Services. For instance, any roles that you assign to the SCC_SS_TEMPLATE should contain at least a Permission List that has access to the following web services:

Web Services: <custom services>
Service Operations: <custom service operations>
Access: Full Access
Definition: Web services you created to perform your self-service transactions. For example, to perform the AAWS online application transactions, select Service SAD_ADMISSIONS and select Full Access to each of the service operations. If you set up a transaction for Delegated Access, select Service SCC_DA and select Full Access to each of the service operations.

Web Services: SCC_USERREG
Service Operations: SCC_USERREG_AUTHENTICATE, SCC_USERREG_CREATEACCT
Access: Full Access
Definition: Web services to use New User Registration and User Authentication.

Web Services: SCC_LOV
Service Operations: SCC_GET_LOV
Access: Full Access
Definition: Optional. Web service to use List of Values.

Web Services: SCC_SM_SERVICE
Service Operations: SCC_SM_SERVICE_SYNC
Access: Full Access
Definition: Optional. Grant access only if you use External Search/Match.

Web Services: SCC_SM_FETCH
Service Operations: SCC_SM_FETCH_SYNC
Access: Full Access
Definition: Optional. Grant access only if you use External Search/Match.

Similarly, any roles that you assign to the SCC_SS_TEMPLATE user ID template should contain at least a Permission List that has access to the following HCM component interfaces that are required to operate these services (which are used by CTM to access the HCM Person data):

  • HCR_EMPLOYEE_CHECKLIST_SRV

  • HCR_IDENTIFICATN_DATA_SRV

  • HCR_JOB_DATA_POI_SRV

  • HCR_MIL_EE_TRK_SRV

  • HCR_NAMES_OTHER_SRV

  • HCR_PERSONAL_DATA_SRV
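
The least-privilege review recommended above, as an added example that is not part of the original documentation and is not delivered with PeopleSoft: a Python audit of the SCC_SS_TEMPLATE grants against the service operations and component interfaces listed on this page. The CSV export format, the ZZ_ names and the sample rows are constructed, and the script assumes that grants are additive across permission lists, so a Full Access grant in any list outweighs the delivered No Access on IScript_SCC_setPSToken.

```python
import csv
import io

# Baseline for SCC_SS_TEMPLATE, copied from the table and list on this page.
REQUIRED = {
    ("WS", "SCC_USERREG_AUTHENTICATE"), ("WS", "SCC_USERREG_CREATEACCT"),
    ("CI", "HCR_EMPLOYEE_CHECKLIST_SRV"), ("CI", "HCR_IDENTIFICATN_DATA_SRV"),
    ("CI", "HCR_JOB_DATA_POI_SRV"), ("CI", "HCR_MIL_EE_TRK_SRV"),
    ("CI", "HCR_NAMES_OTHER_SRV"), ("CI", "HCR_PERSONAL_DATA_SRV"),
}
OPTIONAL = {("WS", "SCC_GET_LOV"), ("WS", "SCC_SM_SERVICE_SYNC"),
            ("WS", "SCC_SM_FETCH_SYNC")}
# Set to No Access in HCCPCSSA1200; no other permission list should open it.
MUST_DENY = {("ISCRIPT", "SCC_SS_GATEKEEPER.FieldFormula.IScript_SCC_setPSToken")}

# Constructed sample export (hypothetical format): one row per grant.
SAMPLE_EXPORT = """user,role,permission_list,type,name,access
SCC_SS_TEMPLATE,CS - NUR GateKeeper,HCCPCSSA1200,ISCRIPT,SCC_SS_GATEKEEPER.FieldFormula.IScript_SCC_setPSToken,No Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,ISCRIPT,SCC_SS_GATEKEEPER.FieldFormula.IScript_SCC_setPSToken,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,WS,SCC_USERREG_AUTHENTICATE,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,WS,SCC_USERREG_CREATEACCT,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,WS,ZZ_APPLY_SUBMIT,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,HCR_EMPLOYEE_CHECKLIST_SRV,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,HCR_IDENTIFICATN_DATA_SRV,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,HCR_JOB_DATA_POI_SRV,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,HCR_NAMES_OTHER_SRV,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,HCR_PERSONAL_DATA_SRV,Full Access
SCC_SS_TEMPLATE,ZZ Demo Role,ZZ_DEMO_PL,CI,ZZ_ADMIN_CI,Full Access
"""

def audit(export_text, user, site_allowed=frozenset()):
    """Return missing, excess and forbidden grants for one user profile."""
    granted = {}  # (type, name) -> permission lists that give Full Access
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["user"] == user and row["access"] == "Full Access":
            key = (row["type"], row["name"])
            granted.setdefault(key, set()).add(row["permission_list"])
    allowed = REQUIRED | OPTIONAL | set(site_allowed)  # site_allowed: your custom services
    in_scope = {k for k in granted if k[0] in ("WS", "CI")}
    return {
        "missing": sorted(REQUIRED - set(granted)),
        "excess": {k: sorted(granted[k]) for k in sorted(in_scope - allowed)},
        "forbidden": {k: sorted(granted[k]) for k in sorted(MUST_DENY & set(granted))},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, "SCC_SS_TEMPLATE", {("WS", "ZZ_APPLY_SUBMIT")}))
```

Each excess or forbidden entry names the permission list that introduced the grant, which is the list to correct before the template is used to clone production accounts.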

Assigning Specific Security Roles to a User

Because different online transactions integrated with New User Registration can have their own security needs, each online transaction can define these roles in the New User Registration Context page.

See Step 3: Defining New User Registration Contexts.