7.2 Assigning the User Application Administrator

The User Application Administrator performs administrative tasks for the identity applications, using the Administration page of the User Application. There can be more than one User Application Administrator.

One user must be assigned to the User Application Administrator role at installation. The User Application Administrator created during installation can administer everything in the User Application including the Provisioning system and can designate other users as User Application Administrators.

You can assign the User Application Administrator during installation and on the Application Configuration page on the Administration tab of the Identity Manager User Application. When you assign the administrator at installation, Identity Manager writes the assignment to the identity applications configuration file, which is editable with the configupdate utility. But, at deployment of the WAR, the assignment is written to the User Application database. Thus, after you start the Tomcat Application Server the first time after installation, you cannot change the assignment with the configupdate utility. However, you can change the assignment from the Administration > Application Configuration page.

A user who is to be a User Application Administrator should typically be located under the user root container specified in the User Application’s LDAP configuration. This enables the user to log in simply by username (instead of requiring the fully distinguished name each time).

The user who is a User Application Administrator does not need special directory rights because this role controls application-level access.

When assigning User Application Administrators, you can specify users, groups, or containers.

In your Web browser, browse for User Application URL and login as a User Application administrator:
```
https://<Application-Server-IP-Address>:<Port>/IDMProv
```
Go to the Application Configuration page.
Under Portal Configuration, select User App Administrator Assignment.

Specify values for the following search settings:

Setting	What to Do
Search for	Select one of the following from the drop-down menu: Users Groups Containers
Starts with	If you want to: Find all available objects of your specified type (user), then make this setting blank. Find a subset of those objects, then enter the starting characters of the CN values you want. (Case is not considered. Wildcards are not supported.)

Click Go.

The results of your search appear in the Results list.
Select the users, group, or container you want to assign as User Application Administrators, then click Add (>).

Hold down the Ctrl key to make multiple selections.
Click Save.

To unassign User Application Administrators:

In the Current Assignments list, select the users, group, or container you want to unassign as User Application Administrators, then click Remove (<).

Hold down the Control key to make multiple selections.
Click Save.

You cannot delete yourself as User Application Administrator. This is a safeguard to ensure that the User Application always has at least one User Application Administrator.