Identity Manager Dashboard allows you to modify the settings for every client configured in identity applications. An administrator must have access topage to modify the client settings.
Thepage also allow you to add a client settings in the identity applications. To add a new client settings, click and specify the and . You can perform the following activities in this page:
Thetab allows you modify the basic client settings.
Represents the name of a client.
Represents the condition that helps to determine the client settings to be applied for the logged in user. If no condition is matching then it applies the default client settings.
Thetab allows you to modify the page view for the selected client. You can also specify general settings for notifications and request forms.
Select the following options fromto customize views for your client:
Thesettings enable you to configure the attributes displayed in the page for the selected client.
Represents the attributes that you want the application to display by default when the user selectsin the page.
Represents additional attributes that provide details about a selected user.
Represents the attributes that can be modified for a user’s details. For most attributes, you can also enter text to serve as default values or examples to aid in new user creation, as desired.
The following example allows a client user to edit Title, Manager, Telephone Number, Manager, and Direct Report attributes:
Figure 10-1 Editable Attributes
To add more attributes to the list, click. You can also select a different attribute from the list to modify the editable attributes.
Represents the attributes that users can define when searching for a user or filtering search results in thepage.
Represents the default container for storing users and how the application responds when displaying search results.
Specifies the container in the Identity Vault that stores a newly created user.
When creating a user, you can see this value but cannot modify it. This limitation ensures that all users are stored in the same container for that client.
User Search Limit
Specifies the maximum number of users that the application can list as a result of a user search.
View Permission Type
Enable the permission types such as, , and . This allows your client users to view or request the permission types that are selected.
By default, all the permission types are enabled.
Thesettings specify how the client responds upon user login and when the user initiates forms.
Specifies the number of days before a task or role expires that the application begins displaying a notification when the user logs in.
Specifies whether the application opens a new window or a dialog box when the user makes a new request for permissions. When selected, the application opens a new window.
Specifies whether the application opens a new window or a dialog box when the user selects task to approve. When selected, the application opens a new window.
Allows the client users to approve or deny multiple requests at a time.
Specifies the period for an information message to appear on the page.
Specifies the Identity Governance URL.
Specifies the manager’s hierarchy. This helps the helpdesk users to reassign the helpdesk tickets to the managers of the specified level. You can set the hierarchy upto 3.
The Entity settings enable you to configure the attributes. The entities are created using Designer. For more information see, About Entities and Attributes in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.
To configure an entity, click the icon and select the entity type from the drop down menu. The deployed entities are displayed in the drop down menu. Click. This displays the selected entity in the tab and in the menu.
To delete an entity, select the entity from themenu and click the icon. The deleted entity will not be listed under the tab.
Represents the attributes that you want the application to display by default when you select the created entity in thetab
In the example shown in Figure 10-2, description, direct reports, company, language, photo, manager, city, mobile, title, and CN are selected for display by default.
Figure 10-2 View Attributes
Represents the attributes that can be modified for an entity. You can add or delete attributes from the list of available entities.
In the example shown in Figure 10-3, direct reports, description, city, company, language, photo, manager, mobile, and title attributes are editable.
Figure 10-3 Editable Attributes
To add additional attributes to the list, click.
It represents the attributes that can be used to search an object. This setting is used to list the entities. This is a mandatory attribute.
In the example shown in Figure 10-4, CN and Description are the search attributes.
Figure 10-4 Search Attribute
Specifies the container in the Identity Vault that stores a newly created entity.
This value cannot be modified. Therefore, all entities are stored in this container for a particular client.
You can control user accesses usingtab, this allows you to specify which user accounts are trustees for the user and configuration based functions within the client. When a trustee logs in, the application displays the page that has been provisioned. Otherwise, the page is hidden. You can add users, groups, roles, and containers as trustees.
When configuring user access, you should consider the following conditions:
Make sure that the users specified inare having sufficient Identity Vault rights to perform tasks within the Identity Applications. However, trustees can access the page but operations on the page will fail if they do not have the proper Identity Vault rights.
Eachhas a set of default trustees suitable for the services that can be accessed through that page. However, if you remove all trustees for a navigation item, every user will be able to access that page.
If a user does not have access to the default navigation (or to the default menu item within a navigation area), the application redirects the user to thepage. The application might also display an error message, such as when a user attempts to login to page without proper authorization. The user can log in but will be directed to the page.
When a user is in proxy mode, the application provides access according to the permissions for the account being proxied, as opposed to the permissions for the logged in user. The proxy can perform tasks on behalf of the other user but does not assume any of the role-type permissions. For example, a user cannot perform Domain Administrator functions on behalf of a Domain Administrator unless that user also has that role.
For more information, click on the Dashboard.
You can use your organization’s logo and name in the header and footer of the dashboard. You also can specify your brand colors and localize the content in the header.
In, you can specify the customized cascading style sheet (CSS).
Click Custom.css file., to download the sample
Modify the Custom.CSS file values and click .
For more information about applying your brand to the Dashboard, click on the Dashboard and see Customize the Branding.
Helpdesk configuration is a two-part process. First you set up the Helpdesk contact details followed by setting up granular permission details for the Helpdesk users.
As part of configuring Helpdesk contact details, you can specify Helpdesk information such as, , and for each of the clients configured in the system. A client user will immediately see the Helpdesk contact information when the administrator completes configuring the Helpdesk for the client.
A Helpdesk user is a user configured to perform certain tasks for the tickets raised by the client users. For more information about what tasks can be performed by a Helpdesk user, see Understanding a Client Helpdesk.
NetIQ recommends not to assign helpdesk admin role to a team manager to avoid conflicts in between these roles.
For granting permissions, you must assign Helpdesk resources to the corresponding Helpdesk users.
NOTE:You cannot assign Helpdesk resources directly to a team or group. If you want to grant helpdesk accesses to a team or group, you must include each members from the group or team individually for the required access rights. Alternatively, you can perform the following steps:
Create a role for helpdesk users. See Creating a New Role.
Map the required helpdesk resources to the newly created role. See Mapping Resources to Roles.
(Conditional) Assign this role to a group. See Assigning Roles to Users.
(Conditional) Team Manager can request for this role on behalf of team members. Approving this role to the team allows team members to use helpdesk resources.
The Helpdesk section lists all Helpdesk resources.
Selected users are allowed to view teams and team members configured for the respective client.
Selected users can view details of any user of the respective client.
Selected users can reassign the user’s tasks to the approver’s manager.
NOTE:You can configurein to help the Helpdesk users to reassign the user’s tasks to the managers of the specified level, if necessary.
Selected users can view request history of any user of the respective client.
Selected users can view the organization chart of the respective client.
Selected users can view groups of the respective client.
After Helpdesk is configured, users can find the Helpdesk information in the following places:
(Conditional) At the footer.
To show the Helpdesk information in the footer, enable.
NOTE:You must ensure that the footer is enabled for the client that you have selected. To enable it, go to. For more information, click on the Dashboard.
You can provisionfor a User, Group, Container, or a Role.
You also can modify the Trustees for a selected widget. For more information, click on the Dashboard.
If you want to remove a client settings from identity applications, perform the following steps:
Select the client settings from the table that you want tot delete.