hediyeh kianmehr

How to provision?

Overview:

This document provides step-by-step instructions for provisioning.
We first create a new user in OpenIAM, then verify that the user has been created successfully in Active Directory.

note:

Provisioning means that whenever you create a user, it is automatically created in Active Directory without requiring manual intervention.


In this document we cover these topics.

1. How to create a user in OpenIAM?

  • 1.1 Configure the necessary fields to create a new user

  • 1.2 Template-based view vs. Classic view (in our setup we chose Classic view)

  • 1.3 Importance of assigning roles

2. Verify that the user has been created in Active Directory by checking in OpenIAM

  • 2.1 How to navigate to the user identities

  • 2.2 Type the user name into the search bar and review the results

3. How to edit user details in OpenIAM

  • 3.1 How to navigate to the user you want to edit

4. How can we determine the types of access that users have?

  • 4.1 How to navigate to the User Entitlement

5. How can we get a comprehensive overview of all users?

  • 5.1 How to navigate to the user history

6. Verify that the user has been created in Active Directory by checking in Active Directory

  • 6.1 How to navigate to the Active Directory Users and Computers tool

1. How to create a user in OpenIAM

1.1 Configure the necessary fields to create a new user

Navigate to User Admin Tab
Select the option to Create New User

Select User Type: Default User


1.2 Template-based view vs. Classic view (in our setup we chose Classic view)

We chose the classic view as it allows us to provide more detailed information to the user.


login

login: It is generated after the user creates the interface.


Fill in User Information

First Name: User First Name
Last Name: User Last Name
Metadata Type: Default User


1.3 Importance of assigning roles

Importance: Roles are crucial in OpenIAM because it operates on a role-based system. Without assigned roles, users cannot be provisioned.

note:
Some fields are not mandatory, but certain ones, such as the role field, must be filled in.

Active Directory Members

In our setup, you should first ensure that the Active Directory Members role has already been created.

If it hasn't been created yet, please create the Active Directory Members role first before proceeding to create a user.

Here is a link that provides guidance on creating Active Directory Members roles.

https://dev.to/hediyeh_kianmehr_45f78137/role-25mh

Create business rules (AD PowerShell Managed System)

After setting up the Active Directory Members role, proceed to configure the business rules.

Detailed instructions on how to do this can be found within this document.

https://dev.to/hediyeh_kianmehr_45f78137/business-roles-4bpa

After completing these steps, you can proceed to assign the managed system and relevant role.

Select a Managed System: AD PowerShell Managed System
Type a Role Name: Active Directory Members


Fill in Email Address

Email Address Type: primary email
Email Address: Type your email address here

note:
The reasoning behind selecting this type can be found in this document.

https://dev.to/hediyeh_kianmehr_45f78137/not-visible-38j


Fill in phone

Phone Type: Office Phone

note:
The reasoning behind selecting this type can be found in this document.

https://dev.to/hediyeh_kianmehr_45f78137/not-visible-38j

Country Code: Since we have Iranian users, the country code is +98
Area Code: Since we have Iranian users, the area code is also +98
Phone Number: Please provide your phone number


Fill in notifications

First Checkbox: Unticked
Second Checkbox: Unticked

note:
If the email address is fake, we need to untick the first two checkboxes. Since the email address is not genuine, notifications won't be received.

Third Checkbox: Unticked

note:
The third checkbox should be unticked because it is meant to wait until the user starts using the system before provisioning, which is not the desired behavior in this case.


Click on the save button

After completing all these steps, make sure to click Save. Once the user is provisioned.


2. Verify that the user has been created in Active Directory by checking in OpenIAM

note:
When a user is created in any service or machine, it appears in user identities.

2.1 How to navigate to the user identities

  • Navigate to the user info.

  • Switch to the classic view.

We have this user in the web console of OpenIAM, and it also exists in the AD PowerShell Managed System.

Congratulations! The user has been successfully created in OpenIAM.


2.2 Type the First Name into the search bar and review the results

  • Type the First Name into the search bar.

  • Click on the First Name.

  • Switch to the classic view.

You can view the OpenIAM ID.

User Status: refers to the current state of a user account within the OpenIAM system.

Example (based on our setup):
User Status: The status of this user indicates that they have not logged in for the first time yet


3. How to edit user details in OpenIAM

3.1 How to navigate to the user you want to edit

  • Type the First Name into the search bar.

  • Click on the First Name.

  • Click on the edit option to modify user attributes.

note:

Take care to select the correct attribute type so that the mapping is accurate.

Example: Ensure that cell phone in the policy map aligns with office phone in Active Directory.

For more detailed information, refer to the relevant documentation:
https://dev.to/hediyeh_kianmehr_45f78137/not-visible-38j


4. How can we determine the types of access that users have?

4.1 How to navigate to the User Entitlement

Click on User Entitlement.

note:
It displays the types of access the user has, along with the groups and services they are entitled to.

Example (based on our setup):

Only the account group is authorized for this, and it also holds the role of Active Directory Members.


5. How can we get a comprehensive overview of each user?

note:
The user history section provides an overview of all past activities in a timeline format.

5.1 How to navigate to the user history

Click on User history.

Create user: the time at which the user was created.
Provision add: when the user is added to Active Directory.
Provisioning: when ensuring all attributes, such as email and phone number, are properly configured.
Save connector response: the response from Active Directory to OpenIAM, indicating whether the connector operation succeeded or failed.

note:
You can open it to review the description and identify the type of error it displays.


6. Verify that the user has been created in Active Directory by checking in Active Directory

6.1 How to navigate to the Active Directory Users and Computers tool

  • Log in to your Active Directory machine.

  • Press Windows + R on your keyboard.

  • Type dsa.msc to launch the Active Directory Users and Computers tool.

  • Navigate to your domain.

Example (based on our setup):
domain = Saeigroup.local

  • Navigate to your Organizational Unit.

Example (based on our setup):
Organizational Unit = SaeiUser

note:
If you are looking for a user that was created earlier,
you can refresh the screen to locate it in the specified directory.

Congratulations! The user has been successfully created in the Active Directory.

note:
Also if you click on it, you will be able to see the display name and the email address that you have set.

The problem with the telephone field lies in the fact that the area code and country code are merged, which is not ideal.
You can resolve this problem by referring to the document provided.

https://dev.to/hediyeh_kianmehr_45f78137/guide-to-resolve-the-issue-with-typing-telephone-numbers-after-provisioning-4k6l
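
The check from section 6 can also be done from PowerShell on the Active Directory machine. This is an added example, not part of the original post: the search base is built from the domain and Organizational Unit named above and assumes the OU sits directly under the domain root, and the function name and sample user values are hypothetical.

```powershell
# Added example: confirm that OpenIAM provisioned the user into Active Directory.
# Requires the ActiveDirectory module (RSAT) on the machine where it runs.
Import-Module ActiveDirectory

function Test-ProvisionedUser {
    param(
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,
        [Parameter(Mandatory)] [string] $ExpectedMail,
        # Assumption: the SaeiUser OU is directly under the Saeigroup.local root.
        [string] $SearchBase = 'OU=SaeiUser,DC=Saeigroup,DC=local'
    )

    $query = @{
        Filter      = "GivenName -eq '$GivenName' -and Surname -eq '$Surname'"
        SearchBase  = $SearchBase
        SearchScope = 'Subtree'
        Properties  = 'DisplayName', 'mail', 'telephoneNumber', 'whenCreated'
    }
    $found = @(Get-ADUser @query)

    if ($found.Count -eq 0) {
        Write-Warning "No account for '$GivenName $Surname' under $SearchBase. Review 'save connector response' in the OpenIAM user history."
        return
    }
    if ($found.Count -gt 1) {
        # More than one match usually means the user was provisioned twice.
        Write-Warning "$($found.Count) accounts match '$GivenName $Surname'; review for duplicates."
    }

    foreach ($u in $found) {
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            DistinguishedName = $u.DistinguishedName
            Enabled           = $u.Enabled
            DisplayName       = $u.DisplayName
            Mail              = $u.mail
            MailMatches       = ($u.mail -eq $ExpectedMail)
            # Shown raw so the merged country/area code described above is visible.
            TelephoneNumber   = $u.telephoneNumber
            WhenCreated       = $u.whenCreated
        }
    }
}

# Constructed sample values; replace them with the user you created in OpenIAM.
Test-ProvisionedUser -GivenName 'Test' -Surname 'User' -ExpectedMail 'test.user@example.com'
```

Comparing WhenCreated with the "Provision add" entry in the OpenIAM user history confirms that the account came from this provisioning run rather than from an earlier manual creation.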

