IDM 4.6 Dashboard introduces a new feature to customize UI settings, behavior, branding, and access to the application through client settings. There can be multiple such client settings on a single identity manager instance and different sets of users can map to different clients. This would allow users to have a different look and feel, different behavior, and different access configuration within the same identity manager. Users can map to different clients through user attributes. For example, you can create 3 different clients, one for each business unit in your organization and map different users to these clients using the OU attribute on the user.
Each client setting has a match condition formed using LDAP attribute(s) of the user. Client setting for a logged in user is determined using the match condition validated against the logged in user’s attributes. If no condition matches, the default client setting will be applicable. Default client cannot be deleted. Default client will be indicated in manage client’s page with <default> tag appended with client name. Client settings will get stored in the file system or database depending on how it is configured in ism-configuration.properties.
The client settings directory is stored in the <tomcat base folder>/conf folder by default when directory property is not configured. Client settings configuration can also be stored in a directory under User Home folder. The administrator needs to update ism-configuration properties file (com.netiq.idmdash.client.settings.directory) with the appropriate value.
NOTE: You can set client settings directory as %user.home% to create the client settings directory under User Home folder. You can also set the client setting directory as %catalina.base% to create the client setting folder under <tomcat base folder>/conf. If you do not set the client settings directory to any of the above mentioned values, the directory will be created under the User Home folder.
The Administrator can also store the configuration in the dedicated table in the Identity User Application database.
NOTE: Always select the Database mode for saving the client settings configuration in the cluster environment. In case, a customer is switching the mode from File system to database or vice versa, client settings will not get migrated. Whatever settings are present in the selected mode will get reflected in RBPM dashboard.
How to navigate: Menu under User Id > Settings
Client name is editable and must be unique. Match condition could be a simple one or complex like in LDAP queries using user attributes.
Simple condition -> ou=clientname
Complex condition -> (&(ou=clientname)(l=clientlocation))
Navigation access rights to various pages within Identity Manager Dashboard are managed with trustees assigned to each of the pages access in the Access Section. Trustees can be added in the form of user, group, role, or containers.
Certain pages like dashboard and landing are accessible to all the users. Access rights cannot be changed and hence disabled.
User’s home page shall be configured using area default field. Certain pages like edit user and password sync status cannot be set as area default and hence disabled.
Application behavior can be managed in the customization section. It is categorized as user and general customization. The list of user attributes available for configuration has been pulled from user DAL entity.
User card view – Card view is configured with primary, secondary, and other attributes of the user. Only four attributes can be selected as primary and secondary attributes in order to limit the information in card view. User details page will display all primary, secondary, and other attributes.
Search lookup attributes – Selected user attributes will be used for searching users matching search text entered
Editable attributes – Selected user attributes will be displayed as editable fields in user’s edit form. Provision is made to set default value of selected attributes which is of simple type. Default values of those attributes are populated in create user page. This also governs which attributes are visible in “Create User Form”.
Likewise, user base container, maximum user search limit, Notification expiry in days, Feedback message span in milliseconds, and displaying approval/request form in new window can be customized.
Header – Branding color and title in header can be configured. Title can be localized for all supported locales of the application with a link to redirect on click of header title.
Footer – Footer can be configured with contact information. Multiple footer links can be added. It can also be localized for all supported locales of the application with a link to redirect on click of footer link.
Advanced CSS customization – Application display style can be customized. User can download the sample of styles used in the application, then modify to their needs and upload it back to reflect the changes in UI look and feel.
Client settings can be migrated from one server to another server. It helps customer to replicate settings from staging to production environment. Here is a tool Migrate settings tool to migrate client settings.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.