Differences
This shows you the differences between two versions of the page.
en:services:general_services:idm:idm-portal_documentation [2019/08/22 11:05] – [Password] bbrauns | en:services:general_services:idm:idm-portal_documentation [2023/01/31 09:54] – [Search results] baltman | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== IdM-Portal documentation ====== | ||
+ | |||
+ | ==== Overview ==== | ||
+ | The portal is available at [[https:// | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The navigation menu is on the left side. The menu is divided into **Workspaces** and **Actions**. Each workspace is a separate environment where different types of objects like users or distribution groups can be found. Available actions such as //search// or //create// always refer to the currently selected workspace.\\ | ||
+ | {{: | ||
+ | |||
+ | ===== User management ===== | ||
+ | ==== Search ==== | ||
+ | You can search for objects based on different attributes like username, e-mail address, user status, firstname, lastname, etc. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | For some attributes a value must be selected (e.g. **user status**).\\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | <WRAP center round tip 60%> | ||
+ | The * character can be used as a wildcard, but only with the operator: **equal**. | ||
+ | You can use **" | ||
+ | </ | ||
+ | |||
+ | |||
+ | === Search results === | ||
+ | A list of objects will be shown after submitting the search form.\\ | ||
+ | {{: | ||
+ | |||
+ | <WRAP center round info 60%> | ||
+ | You will be redirected to the edit page if only one object was found. | ||
+ | </ | ||
+ | |||
+ | The search result list contains a subset of the objects attributes. The shown attributes can be customized in the [[idm-portal_documentation# | ||
+ | |||
+ | ==== Edit ==== | ||
+ | After switching to the edit page new specific actions for the currently selected object appear on the left side menu. Attributes of a selected object are categorized into groups like **general user data** or **Email**. You can show/hide a group by clicking on the + or - Symbol on the right.\\ | ||
+ | {{: | ||
+ | |||
+ | === History === | ||
+ | By clicking the **history** action attribute and password changes can be reviewed. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | <WRAP center round info 60%> | ||
+ | Please note that this view contains only changes made by administrators via the idm portal. Changes via the idm synchronization mechanisms (drivers) are not displayed. | ||
+ | </ | ||
+ | |||
+ | === Personal settings === | ||
+ | The personal settings menu can be used to change for example the number of elements or the attributes shown after searching. | ||
+ | {{: | ||
+ | |||
+ | ==== Special attribute descriptions ==== | ||
+ | |||
+ | === Email forwarding === | ||
+ | |||
+ | Two attributes can be used to forward incoming mails: **routing addresses** and **exchange redirect address**. If the user has an exchange mailbox you should use the exchange redirect address, otherwise use routing addresses. | ||
+ | |||
+ | ^ Name ^ Multiple values ^ Forward internal sent emails | ||
+ | | routing addresses | ||
+ | | exchange redirect address | ||
+ | |||
+ | <WRAP center round important 60%> | ||
+ | If the source and the target mailbox are within the same Exchange organization the mail is delivered directly into the target mailbox which prevents the **routing addresses** attribute from taking effect. | ||
+ | </ | ||
+ | |||
+ | === Visibility in Exchange addressbook === | ||
+ | By default, all users are displayed in the Exchange address lists. To change this setting check the **hide from address lists** checkbox. <WRAP center round info 60%> | ||
+ | When using the Exchange cache mode with an Outlook client, the updating of the address book can take up to 48 hours. Outlook Web Access under https:// | ||
+ | </ | ||
+ | |||
+ | === Remove Active Directory short time lockout === | ||
+ | The Active Directory automatically locks a user account for a certain time (usually 30 minutes) if the password is entered incorrectly for 3 times. To remove this lock the corresponding ** short time lockout (AD) ** checkbox must be unchecked. | ||
+ | |||
+ | === Enable/ | ||
+ | You can enable and disable accounts by changing the **user status**. | ||
+ | Send an email to [[support@gwdg.de]] if you want to reactivate a deleted accout. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | === Delete === | ||
+ | Users can be deleted by activating the **deferred deletion**. An information email is send to the user regarding the deletion of the account. The user will be automatically set to status **delete** after 14 days. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | === Expiration date === | ||
+ | You can set an expiration date for users. The deferred deletion will be activated when the expiration date is reached. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | === Password === | ||
+ | == Change == | ||
+ | Passwords are set as an **initial password** according to the following table. Initial passwords expire 14 days after password change. The user will be disabled if the password is not changed within this period. | ||
+ | |||
+ | ^ Organization ^ Initial password ^ Expiration ^ Notification ^ | ||
+ | |All| yes | 14 days |7 days before expiration | ||
+ | |UNI| no | 1 year |4 weeks before expiration weekly, \\ 7 days before expiration daily| | ||
+ | |MPG| no | never or upon request | | | ||
+ | |||
+ | {{: | ||
+ | |||
+ | == Generate and print == | ||
+ | You can also generate a random password by clicking the **Generate** button. You must **save** or **save & print** the password afterwards. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | A PDF document will be generated and opened if you choose **Save and Print**. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | <WRAP center round info 60%> | ||
+ | The template for the generated PDF file can be set individually for each institution. If you desire to use a non-standard template, write a mail to idm-support@gwdg.de. The template should be created in the docx format. As placeholders the following values can be used: first name, last name, username, password | ||
+ | </ | ||
+ | |||
+ | ===== Distribution list management ===== | ||
+ | ==== Distribution list overview ==== | ||
+ | Currently there are three different types of distribution lists: LDAP distribution list, static Exchange distribution group and dynamic Exchange distribution group. | ||
+ | |||
+ | **LDAP distribution list** | ||
+ | * May contain external email addresses | ||
+ | * Not visible in the Exchange addressbook | ||
+ | * [[# | ||
+ | |||
+ | **Static Exchange distribution group** | ||
+ | * May only contain members within the Exchange organization (inlcuding email enabled users) | ||
+ | * Visible in the Exchange addressbook | ||
+ | * Members are shown in addressbook | ||
+ | * Send permissions can be defined | ||
+ | * [[# | ||
+ | |||
+ | **Dynamic distribution group** | ||
+ | * May only contain members within the Exchange organization (inlcuding email enabled users) | ||
+ | * Members are added automatically based on a specified filter expression | ||
+ | * Send permissions can be defined | ||
+ | * Can be shown in Exchange addressbook | ||
+ | * [[# | ||
+ | |||
+ | **Group management** | ||
+ | * Can act as an Static Exchange distribution group | ||
+ | * Visible in the Exchange addressbook | ||
+ | * Members are shown in addressbook | ||
+ | * Send permissions can be defined | ||
+ | * Edeting can be limited to certain user | ||
+ | * [[# | ||
+ | |||
+ | ==== Create ==== | ||
+ | To create a distribution list you must first choose the correct workspace and click **create**. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ==== Delete ==== | ||
+ | |||
+ | You must first switch to the edit view of a distribution list. There you can click the **delete** action on the left. | ||
+ | |||
+ | <WRAP center round important 60%> | ||
+ | Be aware that the deletion is immediately and a deleted list can not be recovered. | ||
+ | </ | ||
+ | |||
+ | ==== Static Exchange distribution group ==== | ||
+ | == Add / Remove members == | ||
+ | A user can be added by clicking the **Add** button and insert the username or email address. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Alternatively you can open a search form by clicking **select** if you don't know the username or email address. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Members can be removed by selecting them in the grid and click the **remove button**. | ||
+ | |||
+ | === Send permissions === | ||
+ | You can set send permissions to control who can send to the list. | ||
+ | Users who are not allowed will receive a notification email if they try to send to the list. | ||
+ | You can choose between different settings: | ||
+ | * Unrestricted or as specified (default): Everybody is allowed to send to the list if the send permission list is empty otherwise only the specified users/ | ||
+ | * Organization: | ||
+ | * Institute: All users of your institution with an Exchange mailbox or email enabled users are allowed to send to the list. | ||
+ | ==== Dynamic Exchange distribution group ==== | ||
+ | === Overview === | ||
+ | Dynamic Exchange distribution groups are used to add members based on a filter expression. This filter specifies which attribute values an object needs to be part of this group (e.g. all objects with the attribute " | ||
+ | <WRAP center round tip 60%> | ||
+ | You can easily create a distribution group for all members (normal user) of the department "AG I" by using the filter: | ||
+ | |||
+ | '' | ||
+ | |||
+ | All new staff will automatically be added to this group if the department is set to **AG I**." | ||
+ | </ | ||
+ | |||
+ | <WRAP center round important 60%> | ||
+ | When using multiple filters be aware of logical interpretations of those filters and its grouped components. | ||
+ | Using parentheses might be very useful or even necessary! | ||
+ | |||
+ | For example: Addressing all normal user in two departments. | ||
+ | |||
+ | **False**: just lining up each expression: | ||
+ | |||
+ | '' | ||
+ | |||
+ | This will address all normal user for the department 'AG I' but for 'AG O' it will also address all other possible user types (**including distribution lists**). | ||
+ | |||
+ | **Right**: To ensure only normal user are addressed in both departments the conditions need to be separated and grouped. | ||
+ | |||
+ | '' | ||
+ | |||
+ | or, without parentheses, | ||
+ | |||
+ | '' | ||
+ | |||
+ | </ | ||
+ | |||
+ | The Filter uses the OPath-Syntax: | ||
+ | You can use parentheses for complex filters as well. | ||
+ | |||
+ | **Supported variables** | ||
+ | ^ Variable ^ Description ^ | ||
+ | |$department |Department | | ||
+ | |$title |Job title | | ||
+ | |$usertype |User type (0 = normal user, 1 = time based user, 2 = course user, 4 = function account) | | ||
+ | |$userstatus |User status (0 = active, 1 = disabled, 2 = delete) | | ||
+ | |$gender |Gender: Valid values are (M/W/D), for example: $gender -eq ' | ||
+ | |$institute |Institution | | ||
+ | |$filterattribute1 |User defined attribute | | ||
+ | |$filterattribute2 |User defined attribute | | ||
+ | |$filterattribute3 |User defined attribute | | ||
+ | |$emailaddresses |EMail addresses have to be defined in the following way, for example: $emailaddresses -eq ' | ||
+ | |||
+ | **Valid operators** | ||
+ | ^ Operator ^ Description ^ | ||
+ | | -eq |Equal | | ||
+ | | -ne |Not equal | | ||
+ | | -like |Like (Wildcard: *) | | ||
+ | | -and |And | | ||
+ | | -or |Or | | ||
+ | | -not |Not | | ||
+ | ==== Group management ==== | ||
+ | === Overview === | ||
+ | Without providing an email address groups are just a structural organisation tool. When an email address is given they turn into a [[# | ||
+ | Be aware ' | ||
+ | </ |