3.1 Accessing the Identity Reporting Module

You can access the Identity Reporting Module directly from a browser, or launch it from the Roles Based Provisioning Module.

NOTE:To access the reporting module, an LDAP user must be a Reporting Administrator and also be able to read all of the attributes in his/her own user object. Therefore, you need to grant the user read trustee rights to the user’s own nrfMemberOf attribute.

3.1.1 Starting the Reporting Module Directly with a URL

To access the Identity Reporting Module directly, open a Web browser and go to the address (URL) for the module (as supplied by your system administrator). The URL will follow this pattern:

http://server:8180/IDMRPT/

3.1.2 Launching the Reporting Module from the User Application

If you want to be able to launch the reporting module from the Work Dashboard in the User Application, you need to have your Configuration Administration specify the URL for the reporting module on the Administration tab. The Configuration Administrator needs to specify the URL in the Novell Identity Manager Reporting Module URL field within the Provisioning UI Display Settings page. In addition, you need to have the Access Reporting Module navigation permission. The Report Administrator is given this permission by default.

To access the Identity Reporting Module from the User Application:

  1. Log into the User Application as a Report Administrator.

  2. Click Access Reporting Module in the User Profile section of the Work Dashboard:

    When you click this button, the login window for the reporting module opens in a new window:

    When Single Sign-On (SSO) is enabled for the Roles Based Provisioning Module, you do not see the Login page. Instead, you are logged into the reporting module automatically.

  3. If SSO has not been enabled, log in as a Report Administrator or other user that has the Access Reporting Module navigation permission.

    The reporting module displays the Overview page:

3.1.3 Configuring RBPM Access to the Reporting Module

To configure the Roles Based Provisioning Module so that it provides access to the Identity Reporting Module from the Work Dashboard:

  1. Configure the URL for the reporting module, as follows:

    1. Log in to the RBPM User Application as a Configuration Administrator.

    2. On the Administration tab, navigate to RBPM Provisioning and Security.

    3. On the Provisioning UI Display Settings page, specify the URL for the reporting module in the Novell Identity Manager Reporting Module URL field. If the reporting module is running on the same server as the RBPM, you can use a relative URL such as /IDMRPT.

  2. Optionally, enable SSO support:

    1. Log in to the RBPM User Application as an Application Administrator.

    2. On the Administration tab, navigate to Application Configuration.

    3. Select Login under Password Module Setup.

    4. On the Login Settings page, select true for Enable SSO.

NOTE:For SSO to work, cookies must be enabled on the client browser in which the user is running the User Application and the Identity Reporting Module. If cookies are disabled in the browser, the user sees the Login page when clicking on the Access Reporting Module button on the Work Dashboard.

3.1.4 Configuring Reporting to Work with Novell Access Manager

If you want to integrate Novell Access Manager and the Identity Reporting Module, you need to be aware that Novell does not not currently support direct Single Sign On (SSO) between the two products. Instead, one must first access the User Application via Novell Access Manager, and then press the Access Reporting Module button on the left-hand navigation menu within the Work Dashboard.

To use this configuration, you need to perform some manual steps to configure the User Application and Novell Access Manager.

To configure the User Application:

  1. Enable the Enable SSO To Other Application setting:

    1. Login to the User Application as the Administrator and go to Administration > Application Configuration > Login.

    2. Select the true radio button next to Enable SSO To Other Application.

    3. Press the Save button.

    4. Logout.

  2. Correct the URL for the Identity Reporting Module:

    1. Login to the User Application as the Administrator and go to Administration > RBPM Provisioning and Security > Provisioning UI Display Settings.

    2. In the text field to the right of Novell Identity Reporting Module URL ensure that the URL to the Reporting module is correct.

    3. Press Save.

    4. Logout.

To configure Novell Access Manager:

  1. Create an entry for reporting in the Proxy Service List.

  2. You must add all three WAR files to the Path List:

    • /IDMRPT

    • /IDMRPT-AUTH

    • /IDMRPT-CORE

  3. In the Advanced Options section add the follow entry:

    ProxyErrorOverride on -401 -403

  4. On the Web Servers Tab, make sure that the Web Server Host Name entry is the actual DNS name of the machine that the reporting module is deployed on.

  5. Configure the Protected Resource.

    It is not necessary to create or enable Authorization, Identity Injection, or Form Fill for the Identity Reporting Module. You only need to configure the Protected Resource. You can apply the same entries you are using for the User Application, but keep in mind that the end user will not be signed on with SSO directly from Access Manager. The end user will still see the login for the Identity Reporting Module.

Once these manual steps have been performed, the Reporting Administrator can use the configuration.

To use the configuration:

  1. Access the User Application via Access Manager, where you will be signed on with SSO.

  2. Press the Access Reporting Module button on the left-hand navigation menu on the Work Dashboard.

  3. A new browser window will appear and the Reporting Administrator will be automatically logged into the Reporting Module. The URL in the browser will appear as the one controlled by Access Manager.