PhenixID

PSD1187 – IGA – Approve Custom Control

Document version (last updated) : 2021, October 20th.

Prerequisite

  • A PhenixID Identity Manager (IM) 5.6.6 or later running

Overview

This custom control is used to approve changed objects in IGA scenarios. For example, if you have requested a change to a user object that needs approval, this control gives the approver an easy way to manage the approval.

Configuration

1. Add approval custom control

This approval custom control is included in PIM.

  1. Open an Edit form/tab.
  2. Add custom control:
    se.nordicedge.controls.iga.AttributeApprovalListControl
  3.  

2. Parameter explanation

This section explains the parameters for the custom control.

  • Readonly mode, default false
    If you have users who should only be able to see what is pending, for example a reviewer or requestor, then readonly mode might work.
  • Attribute that holds the original object DN
    Which attribute on the shadow object holds the link back to the original object. This should be a DN. If the approver approves the change, the original object will be updated.
  • Hide “Current groups” button (true/false) Default: false
    When approving groups for a user, you may want to see the existing groups the user is a member of. You can do this by adding a button for this in the UI.
  • Label on Current Groups button. Default: “Current groups”
    The button mentioned for the parameter above, what should the button label be?
  • Current groups attribute
    Which attribute on the user holds the current groups. In Active Directory, for example, it is memberOf.
  • Current groups display attribute
    When listing the current groups, the DN of each group is listed by default. Perhaps you would like to list another attribute that is more user friendly, like displayName or sAMAccountName?
  • Label “Attribute”
    In the UI there is a label called Attribute. Would you like it to be called something else?
  • Label “Current value”
    In the UI there is a label called Current value. Would you like it to be called something else?
  • Label “New value”
    In the UI there is a label called New value. Would you like it to be called something else?
  • Label “Approve/Decline”
    In the UI there is a label called Approve/Decline. Would you like it to be called something else?
  • Managed attributes (must be in JSON format)
    Which attributes should be supported. An LDAP user object has many attributes, and their values are often of different types.
    Which values should be supported? How should they be presented? This parameter value is in JSON. See the syntax further down in this document.

3. JSON syntax for supported attributes

Since you might want to support several attributes with values of different types, some single-valued and some multi-valued, the configuration can be somewhat complex. For this reason we use JSON for the configuration.

The JSON syntax used to build your configuration is stated below. To better understand how to use it, we have provided some examples.

https://jsonlint.com/

The JSON syntax consists of the following parameters:

JSON Syntax:

[{
"originalAttributeName":"memberOf",
"shadowAttributeName":"seeAlso",
"single":"false",
"displayName":"Grupper",
"addPrefix":"ADD_",
"removePrefix":"REMOVE_",
"addLabel":"Lägg till",
"removeLabel":"Ta bort",
"displayAttributeOriginalValue":"cn",
"displayAttributeShadowValue":"displayName",
"filterOriginalValue":"filter.Nordicedge,msTimeformat",
"filterShadowValue":"filter.Nordicedge,msTimeformat"
}]
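
A pre-flight check for a "Managed attributes" value, added here as an example; it is not PhenixID code and not part of the product. The function name `lint_managed_attributes`, the choice of required keys, and the rule that `addPrefix` and `removePrefix` must not overlap (on the assumption that they tag pending values on the shadow attribute) are assumptions of this example, not documented behaviour.

```python
import json

# Keys taken from the JSON syntax shown on this page.
KNOWN_KEYS = {
    "originalAttributeName", "shadowAttributeName", "single", "displayName",
    "addPrefix", "removePrefix", "addLabel", "removeLabel",
    "displayAttributeOriginalValue", "displayAttributeShadowValue",
    "filterOriginalValue", "filterShadowValue",
}
# Assumption: every entry must name both the original and the shadow attribute.
REQUIRED_KEYS = ("originalAttributeName", "shadowAttributeName")

def lint_managed_attributes(text):
    """Return a list of problems found in a 'Managed attributes' JSON value."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array of attribute objects"]
    problems, seen = [], set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        problems += [f"entry {i}: missing {k}" for k in REQUIRED_KEYS if k not in entry]
        problems += [f"entry {i}: unknown key {k}" for k in sorted(entry.keys() - KNOWN_KEYS)]
        problems += [f"entry {i}: {k} must be a quoted string"
                     for k, v in entry.items() if not isinstance(v, str)]
        if entry.get("single", "false") not in ("true", "false"):
            problems.append(f'entry {i}: single must be "true" or "false"')
        add, rem = entry.get("addPrefix"), entry.get("removePrefix")
        # Assumption: the prefixes tag pending shadow values, so neither may
        # be a prefix of the other or a value could match both.
        if isinstance(add, str) and isinstance(rem, str) and (
                add.startswith(rem) or rem.startswith(add)):
            problems.append(f"entry {i}: addPrefix and removePrefix overlap")
        name = entry.get("originalAttributeName")
        if isinstance(name, str):
            if name.lower() in seen:  # LDAP attribute names are case-insensitive
                problems.append(f"entry {i}: duplicate entry for {name}")
            seen.add(name.lower())
    return problems

# Constructed sample: one entry whose two prefixes collide.
SAMPLE = '[{"originalAttributeName":"memberOf","shadowAttributeName":"seeAlso","single":"false","addPrefix":"ADD_","removePrefix":"ADD_REMOVE_"}]'

if __name__ == "__main__":
    for problem in lint_managed_attributes(SAMPLE) or ["no problems found"]:
        print(problem)
```

An unquoted value such as `"removePrefix":REMOVE_"` is reported with its line and column, which makes it quick to locate in a long configuration.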

Example 1


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se