User profile

The user profile configuration contains the settings that are required to manage the user data that is stored in the user registry.

Procedure

  1. From the top menu, go to AAC > Manage > SCIM Configuration.
  2. Click User Profile.
  3. Modify the following settings as needed.
    LDAP Server
    This server connection is a pointer to an LDAP server connection that has been defined in the Advanced Access Control server connections page. This field contains a list of the available LDAP server connections and Verify Identity Access Runtime server connections.

    If an LDAP type is selected, it is used directly as the SCIM LDAP server.

    If a Verify Identity Access Runtime type is selected, the bind details in the server connection are used along with the configured Verify Identity Access Runtime LDAP server.
    Important: The selected server connection must contain the bind details for the Runtime Component LDAP server. Ensure that you configure the Runtime Component before you attempt to do this.

    This field is required.

    Type
    This field shows the server connection type for the selected LDAP server.
    If the server connection type is LDAP, the server connection is used as is. If the server connection type is Verify Identity Access Runtime, the bind details in the server connection are used along with the configured Verify Identity Access Runtime LDAP server.
    Note: If a specific federated directory is selected by using the Attribute Lookup Directory field, it is used in each of the following lookup operations; otherwise, the Verify Identity Access primary user registry is used.
    • The list of available LDAP group related object classes includes only the values that are obtained from the lookup LDAP server.
    • The Group DN attribute selection on this page includes only the values that are obtained from the lookup LDAP server.
    • If a Verify Identity Access Runtime server connection is selected, the list of available LDAP user related object classes includes only the values that are obtained from the lookup LDAP server.
    • If a Verify Identity Access Runtime server connection is selected, the available LDAP attributes that are used in SCIM attribute mappings include only the values that are obtained from the lookup LDAP server.
    • If a Verify Identity Access Runtime server connection is selected, the User DN Attribute selection on this page includes only the values that are obtained from the lookup LDAP server.
    LDAP User Related Object Classes
    The LDAP object classes that are used to reference a user object. These are the object classes that are looked for when the response to an LDAP subschema query is parsed. This is how the list of LDAP user attributes is determined and made available to the administrator for mapping SCIM attributes to LDAP attributes.

    This field is optional. If this field is not set, no LDAP attributes are available.
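    As an added illustration of the subschema lookup described above (example code written for this page, not code from the product), the following Python snippet parses RFC 4512 objectClass definitions and derives the attribute list for the configured user object classes, following the SUP inheritance chain. The subschema values are constructed samples; an unknown or empty object class list yields no attributes, matching the behaviour described for this field.

```python
import re

# Constructed sample of subschema "objectClasses" values (RFC 4512 syntax);
# a real server returns these from its subschema subentry.
SUBSCHEMA_OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid $ displayName ) )",
    "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) MAY description )",
]

# NAME may be a single quoted name or a parenthesised list of names (first one is used).
_NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*'([^']+)'[^)]*\))")
# SUP, MUST and MAY take either a parenthesised "$"-separated list or a single token.
_SUP_RE = re.compile(r"\bSUP\s+(?:\(\s*([^)]+)\)|'?([\w.-]+)'?)")
_MUST_RE = re.compile(r"\bMUST\s+(?:\(\s*([^)]+)\)|([\w.-]+))")
_MAY_RE = re.compile(r"\bMAY\s+(?:\(\s*([^)]+)\)|([\w.-]+))")


def parse_object_class(definition):
    """Return (name, superior classes, MUST+MAY attributes) for one objectClasses value."""
    m = _NAME_RE.search(definition)
    if not m:
        return None, [], set()
    name = m.group(1) or m.group(2)
    s = _SUP_RE.search(definition)
    sups = [x.strip(" '") for x in (s.group(1) or s.group(2)).split("$")] if s else []
    attrs = set()
    for rx in (_MUST_RE, _MAY_RE):
        a = rx.search(definition)
        if a:
            attrs.update(x.strip() for x in (a.group(1) or a.group(2)).split("$"))
    return name, sups, attrs


def user_attributes(configured_classes, subschema_values):
    """Collect every attribute of the configured classes and their SUP ancestors."""
    schema = {}
    for definition in subschema_values:
        name, sups, attrs = parse_object_class(definition)
        if name:
            schema[name.lower()] = (sups, attrs)
    result, seen = set(), set()
    pending = [c.lower() for c in configured_classes]
    while pending:
        cls = pending.pop()
        if cls in seen or cls not in schema:
            continue  # unknown classes contribute nothing
        seen.add(cls)
        sups, attrs = schema[cls]
        result |= attrs
        pending.extend(s.lower() for s in sups)
    return sorted(result)
```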

    Attribute Mappings
    The list of SCIM attributes and the mapped source for the attribute, either an LDAP or session attribute. You can expand an attribute to see its subattributes.
    Note: The LDAP server connection and object classes settings must be set in the respective fields before any LDAP attributes are made available.
    Enforce Password Policy
    This checkbox controls whether password updates that use the standard password SCIM attribute take place as the administrative user or as the end user. Password policy is typically enforced in the user registry only when the password is updated by the end user. Select this checkbox only if users have the necessary permissions to change their own passwords in the user registry and the user registry does not enforce password policy when a user password is changed by an administrative user.
    Note: If an update includes both the password and passwordNoPolicy attributes, passwordNoPolicy takes precedence and password is ignored.
    Search Suffix
    This field contains the user suffix from which LDAP search operations commence.
    Note: This field is not required if a Verify Identity Access Runtime connection is selected. In this case, each of the supported suffixes from the configured directories is searched. The exception is that if Verify Identity Access integration is enabled, the search suffix is required.
    User Suffix
    This field contains the suffix that houses any users that are created through the SCIM interface.

    User DN Attribute
    This field contains the DN attribute that is used to create users.
    Note: The User Profile LDAP server connection and object classes settings must be set in the respective fields before any LDAP attributes are made available.
    Attribute Lookup Directory
    This field shows the federated directory that is used to retrieve the list of supported LDAP object classes and the attributes that are associated with those object classes. The field is visible only if a Verify Identity Access Runtime server connection is selected. The drop-down is then populated with the list of configured federated directories. An empty selection results in the primary LDAP server being used.
  4. Click Save to save the changes.
    Note: Due to the caching of configuration data within the runtime, it might take up to 30 seconds before any deployed configuration changes become active.