This section describes how to perform administration operations on a user. These operations include:
- Changing the user status
- Resetting the password
Update user status
To change the status of a user (enable, disable, terminate), first find the user that you need to manage using either the header search or the advanced search in the webconsole. Using the administrative actions dropdown shown below, select the new status; each status is explained below.
|Active||Changes the user status of a user to |
|Disable||Changes the Account status to |
|Delete||Physically removes a user from OpenIAM and target systems. In some applications a delete operation will be translated to an end-date.|
|DeActivate||The user's status is updated to |
|Deceased||Changes the user status in OpenIAM to |
|Enable||Clears the Account status value so that users can log in to OpenIAM. This operation is the reverse of |
|Terminate User||Changes the user status to Terminated in OpenIAM. An |
|Leave with Pay||Leave with Pay disables a user in OpenIAM. Optionally, the policy maps can be configured to also disable the users in the target system. This status is used to align with the HR system values.|
|Leave of Absence||Leave of Absence disables a user in OpenIAM and target systems. This status is used to align with the HR system values.|
|Reset Challenge question||Forces the user to set their challenge questions when they log in.|
|Reset Account||Resets a locked user so that they can log in. This operation will clear the |
Administrators can initiate a password reset using the steps described below.
- Log in to the webconsole
- Find the user that needs a password reset using either the header search or the advanced search
- From the side menu, select Reset password as shown in the diagram below.
- The reset password link will display the screen shown below. On this screen are several options which are described below:
|Reset password action||Select between: |
|Managed system||This drop down is used to control which systems should be updated when the password is changed. In most cases, you should use the |
|Password||This is the temporary password being provided by the Admin. The password policy is shown to ensure that a valid password is provided.|
|Confirm password||Enter the password again. This field is used to ensure that the correct password has been captured by the system.|
|Send password by email||As mentioned above, by checking this box, the password provided by the admin will be sent to the user over email.|
|Auto generate password||Eliminates the need to enter a password. The system will automatically generate a password and e-mail it to the user.|
When the user logs in for the first time after the admin has reset their account, they will be asked to change their password. This new password will be synched across all connected systems that the user has an account in.
The authentication process is controlled by the authentication policy and rules. One of these parameters is the Authentication failure count. If a user attempts to log in with the wrong set of credentials, the account will be locked when the number of failed attempts equals the Authentication failure count parameter.
To unlock your OpenIAM account, you can go to Reset Password as described above.
When you click on Reset password, the system will prompt you if the account has been locked, as shown below.
Select Yes, and the account will be unlocked. When the user logs in for the first time, they will be asked to change their password. This new password will be synched across all connected systems that the user has an account in.
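The lockout and reset behaviour described above, modelled as an added example (not OpenIAM code; the class, method and status names are hypothetical, and clearing the counter on a successful login is an assumption the page does not state):

```python
# Added illustration: a toy model of the lockout flow, not OpenIAM code.
# All names here are hypothetical.
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    secret: str  # stand-in for a salted password hash
    failed_attempts: int = 0
    locked: bool = False
    must_change_password: bool = False


class LockoutPolicy:
    def __init__(self, auth_failure_count: int):
        # Mirrors the "Authentication failure count" policy parameter.
        self.auth_failure_count = auth_failure_count

    def login(self, acct: Account, supplied: str) -> str:
        # A locked account is refused even if the credentials are correct.
        if acct.locked:
            return "LOCKED"
        if not hmac.compare_digest(supplied.encode(), acct.secret.encode()):
            acct.failed_attempts += 1
            # The counter rises by one per failure, so this fires exactly when
            # it equals the threshold; >= is a defensive form of that check.
            if acct.failed_attempts >= self.auth_failure_count:
                acct.locked = True
                return "LOCKED"
            return "FAILED"
        # Assumption: a successful login clears the failure counter.
        acct.failed_attempts = 0
        return "CHANGE_PASSWORD" if acct.must_change_password else "OK"

    def admin_reset_password(self, acct: Account, temp_password: str) -> None:
        # Admin reset with the unlock prompt confirmed: set a temporary
        # password, clear the lock, and force a change at the next login.
        acct.secret = temp_password
        acct.failed_attempts = 0
        acct.locked = False
        acct.must_change_password = True

    def change_password(self, acct: Account, new_password: str) -> None:
        # The user replaces the temporary password at first login.
        acct.secret = new_password
        acct.must_change_password = False
```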
Adding / removing entitlements
Administrators can add or remove entitlements for a user using the steps described below.
- Log in to the webconsole
- Find the user that needs to be modified using either the header or advanced search
- From the side menu, select User entitlements as shown in the image below.
The entitlement management interface will be shown next. From this screen, you can view the complete list of entitlements in different perspectives: Resource (application view), Groups, Role, and Organization. Select the appropriate tab to change the perspective.
- To add / remove an entitlement, select the Edit button from the screen below.
Adding an entitlement
- Click on Add from the screen below, followed by the type of entitlement that you would like to add: Role, Group, Resource, Organization
- Next, select the entitlement as shown in the screen below. You should first select the application / managed system that the entitlement belongs to. Optionally, you can also set the start and end dates for this access.
- Save the entitlement. At this point you will see the entitlement being added to the entitlement viewer as well as any related target systems.
Removing an entitlement
- Select the entitlement you want to delete by clicking on the entitlement name. This will highlight the row as shown below.
- Next, click on Delete selected to remove the selected entitlements. This will remove the entitlement memberships from OpenIAM and from associated target systems.