RapidIdentity Product Guide: Legacy UI

General Tab

The General tab is divided into two drop down areas.

  1. Sponsorship Settings

  2. Alternate Action Manager

Sponsorship Settings

The Sponsorship Settings area contains three subsections:

  1. General Settings

  2. Attributes

  3. Actions

Sponsorship Settings - General Tab

The General tab in the Sponsorship Settings section allows administrators to configure specific DN settings along with several other settings similar to the corresponding Roles General subtab.

Legacy_Sponsorship_General_Sponsorship_General.png

Review the  Configuration Module Interface Overview to configure RBAC or ABAC module visibility.

Table 272. Fields

Field Name

Description

Placement Container DN

Defines the container directly under which new Sponsored Account objects are placed in the directory.

Uniqueness Container DN

Container to search for uniqueness when creating new sponsored accounts. For instance, if JSmith already exists in this container the new sponsored account would be created as JSmith1. This value should match the value specified in the System Settings panel for Authentication Container DN to avoid any namespace collisions.

Sponsored Account Search Base DN

Search base when looking for sponsored accounts.

Sponsored Account Search Filter

LDAP filter showing how to find sponsored accounts.

Maximum Expiration Days

Maximum number of days a sponsored account can go without recertification before expiring. The default value is 90 days and the maximum number is 999 days.

Require Expiration Dates

Determines if expiration date are required or optional.

Require Email Address

Determines if an email address is required or optional.

User Object Naming Convention

This option controls how sponsored account usernames are generated. Two options are available out of the box. Forward and Reverse.

  • Forward: First initial + last name (e.g. JSmith)

  • Reverse: Last name + first initial (eg. SmithJ)

User Object Naming Prefix

Text value to append before the username of newly created sponsored accounts. For instance, if Spons- was supplied for this value a new account might look like this: Spons-JSmith. Keep in mind that in most cases users will login to systems with this account and some systems may have limitations on length and what characters are supported.

User Object Naming Suffix

Text value to append after the username of newly created sponsored accounts. For instance, if Spons- was supplied for this value a new account might look like this: JSmith-Spons. Keep in mind that in most cases users will login to systems with this account and some systems may have limitations on length and what characters are supported.

Preload Sponsors

Enable or disable the preloading of sponsors in sponsor chooser dialogs. Only enable if the number of sponsors in your organization is relatively small

Preload Sponsored Accounts

Enable or disable the preloading of sponsored accounts when visiting at Roles Tab.

Enable Wildcard (*) Searches

Enables/disables the ability to do wildcard searches in any tab.

Enable Module Visibility (RBAC and ABAC Options)

Specify whether access control should exist, and if so whether it is role-based or attribute-based.



Sponsorship Attributes

The Sponsorship Attributes page allows administrators inclusion/exclusion options with respect to Sponsorship filtering.

Legacy_Sponsorship_General_Sponsorship_Attributes.png
Table 273. Fields

Field Name

Description

Use First Name in Duplicate Matching Filter

If selected, the new account must match this and all other attributes selected to be considered a duplicate.

Use Last Name in Duplicate Matching Filter

If selected, the new account must match this and all other attributes selected to be considered a duplicate.

Use Email Address in Duplicate Matching Filter

If selected, the new account must match this and all other attributes selected to be considered a duplicate.

Account Type Attribute

The selected global attribute is used to distinguish sponsored accounts from standard accounts.

Value for Account Type

The value written to the account type attribute for all sponsored accounts.

Sponsor Attribute

The global attribute used to store the sponsor on a given sponsored account. Must be of type DN.

Expiration Attribute

The global attribute used to store the sponsorship expiration date. Not needed if expiration is disabled.



Sponsorship Actions

The Sponsorship Actions page functions identically to the corresponding Roles Module Actions subtab: highlighted actions will display to users having access to the corresponding My/Team/Other Sponsorship tabs.

Sponsorship_Actions.jpg
Alternate Action Manager

The Alternate Action Manager allows administrators the ability to bypass built-in RapidIdentity Portal logic and allow an arbitrary RapidIdentity Connect Action Set to provide specific functionality.

RapidIdentity Portal performs the necessary authentication/authorization/validation on the request then invokes the pre-defined Action Set on the configured RapidIdentity Connect instance.

Legacy_Alternate_Action_Mgr.png

To see detailed examples, consult the RapidIdentity Portal Sponsorship Module Alternate Actions.