DEV Community

hediyeh kianmehr

Universal Identity Directory

FC2 Overview:

This document walks through, step by step, the types of access a user can have in the OpenIAM panel after user creation. It also outlines the types of modifications a user can perform and the monitoring capabilities available for user activity.


This document covers the following topics:

1. Verify User Creation in Active Directory

  • 1.1 Access the Managed System
  • 1.2 Edit Managed System (we chose AD Managed System)
  • 1.3 Access the Base DN for user

2. Locate User via Search Bar and User Panel

  • 2.1 Type First Name into the search bar and review the results

3. OpenIAM User Profile Overview Guide


Prerequisite:

Create a user in OpenIAM:
To create a user in OpenIAM, you need to fill in the required fields: the user's information, the appropriate roles, the email address, and the phone number, as we previously discussed.

You can find the steps in this guide:

https://dev.to/hediyeh_kianmehr_45f78137/to-create-a-new-user-in-active-directory-follow-these-steps-58n7


1. Verify User Creation in Active Directory

1.1 Access the Managed System

Locate the Provisioning tab in the main menu.
Click on the Managed System section.

Here, we observed that some managed systems were already in place.


1.2 Edit Managed System (we chose AD Managed System)

In the list of managed systems, locate the AD Managed System.
In the action section next to it, click on Edit. This allows you to modify specific details of the managed system.


1.3 Access the Base DN for user

Base DN for User: Specifies the location in Active Directory where new user accounts will be created.

OU = Your Organizational Unit
DC = Your Domain Component
DC = Your Network

Base DN for user: OU = Your Organizational Unit,DC = Your Domain Component,DC = Your Network

Example (based on our setup):
OU=test

Note:
Navigate to Active Directory Users and Computers, then find the Organizational Unit (OU) named test as per our setup.
This is where you can verify that the user has been created in Active Directory.

Accessing Active Directory Users and Computers

  • Log in to your Active Directory machine.

  • Press Windows + R.

  • Type dsa.msc and press Enter.

This opens the Active Directory Users and Computers console.

  • Select the Organizational Unit (OU) that was defined in the Managed System LDAP configuration. In our case, it's the test OU based on our setup.

  • Refresh the screen to load the latest information.

The user was created with the exact information we set before.
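
The same check can be scripted instead of done by eye in the console. The following is an added example, not part of the original post: it searches the configured Base DN for the provisioned user and compares the attributes stored in Active Directory with the values entered in OpenIAM. The DC components of the Base DN and all user values are constructed placeholders, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example: scripted equivalent of the Active Directory Users and Computers check.
# Run on a domain-joined machine with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

# Assumption: placeholder Base DN. Copy the real value from the
# "Base DN for user" field of the AD Managed System in OpenIAM.
$BaseDn = 'OU=test,DC=example,DC=com'

# Assumption: constructed sample values standing in for what was entered in OpenIAM.
$Expected = @{
    GivenName       = 'Jane'
    Surname         = 'Doe'
    mail            = 'jane.doe@example.com'
    telephoneNumber = '+1 555 0100'
}

# Search only below the Base DN, so an account created in the wrong OU is not counted.
$filter = "GivenName -eq '$($Expected.GivenName)' -and Surname -eq '$($Expected.Surname)'"
$users  = @(Get-ADUser -Filter $filter -SearchBase $BaseDn -SearchScope Subtree `
                -Properties mail, telephoneNumber, whenCreated)

if ($users.Count -eq 0) {
    Write-Warning "No matching user under $BaseDn. Review the Provision add entry in User History."
    return
}
if ($users.Count -gt 1) {
    Write-Warning "Found $($users.Count) matching users under $BaseDn; expected exactly one."
}

# One row per attribute: what OpenIAM should have sent versus what AD stored.
$report = foreach ($u in $users) {
    foreach ($attr in $Expected.Keys) {
        [pscustomobject]@{
            User      = $u.SamAccountName
            Created   = $u.whenCreated
            Attribute = $attr
            Expected  = $Expected[$attr]
            Actual    = $u.$attr
            Match     = ($u.$attr -eq $Expected[$attr])
        }
    }
}
$report | Format-Table -AutoSize
```

Any row with Match set to False points to an attribute that did not provision as configured.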


2. Locate User via Search Bar and User Panel

2.1 Type First Name into the search bar and review the results

  • Simply type First Name into the search bar

  • Click on the First Name

  • Switch to the classic view

Note:

In this section, you can update the user’s information. After making changes, click Save to provision the updates again.


3. OpenIAM User Profile Overview Guide

Various settings are visible on the left side, which we’ll go over in the next steps.

User Entitlements

Click on User Entitlements.

You can view the roles assigned to the user. These roles could be linked to different services and applications, and they help determine the level of access granted to the user.

Based on our setup:

This account has the LDAP Managed System role, indicating that the user was created and provisioned through the LDAP Managed System.


User History

Click on User History.

You can see all user changes, logs, JSON data, and even deleted user records.

Create user: the time the user was created in OpenIAM.
Provisioning: the step that ensures all attributes, such as email and phone number, are properly configured.
Provision add: the point at which the user is added to Active Directory.

Note:
You can open an entry to review its description and identify the type of error it displays.

Based on our setup:

We open Provision add, where you can see the Business Role assigned to the user. This role determines what type of access the user should have and is mapped to the LDAP Managed System.

All the user information we previously configured, along with the metadata type, is automatically assigned to the user. You can see these details here:

The important part here is Save Connector Response.

Save Connector Response: The response from Active Directory to OpenIAM, which indicates whether the connector operation succeeded or failed.

For example:
If you update the user's telephone number, then save the changes and the provisioning is successful, you will see a Provision Modify entry in the User History section.


Reset Password:

Users have the option to request a password reset via self-service.


Superiors and Subordinates

This section displays the user's assigned groups and teams, along with their access priority, which determines their level of access and permissions within the system.


Managed System Viewer

You can see which managed system the user was created in, whether the user is currently logged in, and whether the last provisioning operation was successful or not.


Certification History

This section displays any certificates the user has requested or been assigned.


Related accounts

This section shows all accounts related to the user, including any linked accounts across different services or systems.


User devices

This section displays a list of different devices the user has logged in from, along with the associated services or systems accessed.


OAuth Token

An OAuth token is a temporary access key given after login, letting users or apps access services without logging in again. In IAM, it shows tokens used to access external apps via OAuth 2.0.


User Workflow

The User Workflow section shows tasks or processes the user is involved in, like access requests or approvals. It helps track their status and lets admins manage or step in if needed.


Consent History

The Consent History section shows what permissions the user has agreed to, like terms of service or data sharing. It tracks when and how consent was given or withdrawn for compliance.

