Planning user administration

The following list outlines the tasks that you should perform before you begin creating, modifying, or copying users:

1. Determine whether you want to integrate IBM OpenPages® with your LDAP servers to allow prepopulation of user information when you create a new user in IBM OpenPages. If so, then perform one or both of the following actions:
   • If you are using LDAP over SSL/TLS, setup your certificates.
   • Configure access to your LDAP servers from IBM OpenPages.
2. Determine whether you want to allow the creation or updating of users based upon existing users. The user will have the same attributes, such as locale, profiles, group memberships, role assignments, and reports access, as another user. If so, then perform the following actions:
   • Determine which users can be used as source for the Copy Access From operation.
   • Determine whether you want to allow inactive users to be the source for the Copy Access From operation.
   • Configure the default behavior for the Locale, Profiles, Group Memberships, Direct Role Assignments, and Direct Reports Access attributes during the Copy Access From operation.
   • Determine whether the Copy Access From operation adds to or replaces a user or group's existing attributes.
3. Determine the default values for the following settings:
   • The default value or values for the Allowed Profiles.
   • The default value for the locale.
   • The number of rows that are listed per page in the Reports Access table.
4. Determine the password behavior for users by performing the following actions:
   • Configure the default change password behavior when you create a new user.
   • Configure the default password expiration behavior.
5. If user provisioning is configured in your system to allow copying attributes from inactive users, determine whether you want to create template users as inactive users. The inactive template users should have similar attributes that you want to copy to other users. The administrator can modify attributes after the copy operation.
6. Determine whether you want to add administrators who can perform user provisioning tasks beyond the super user. For example, you can create administrators who perform only password management tasks for users, while other administrators can create users.
   Note: As of version 7.4, you must now assign delegated administrators rights at the top-level security domain and the top-level user group to perform some user-provisioning functions. For more information, see Administrator permissions for user-provisioning functions. For these functions, you can separate out the tasks the delegated administrators can do but can no longer separate out which places they can perform them.
7. Determine whether you want to primarily manage administrative rights, such as managing profiles, role assignments, and reports access, directly at the user level or by making users members of user groups. You can use a combination of methods. It is strongly recommended that you manage administrator rights via user groups.
8. Determine the groups and security domains that you want each user to belong to. By default, when you create a new user from scratch, that user belongs to a special group called Standalone Users and Groups. Only the Super Administrator has administrative access to this group. When a user or group is disassociated from an organizational or security domain group, and that user or group is not a direct or indirect member of any other group, the system makes that user or group a member of Standalone Users and Groups.

   For more information about group memberships, see Associating and disassociating a group (Task Focused UI).

9. Determine the profiles that you want the users to have.

   For more information about choosing profiles, see Profiles.

10. Determine the role assignments that you want the user to have.

    For more information about role-based security and role templates, see Role-based security model.

11. Determine the reports that you want the users to have access to.

    For more information about modifying reports access, see Managing reports.

12. If you use solutions, determine which sample users you want to keep.

    For each sample user that you want to keep, reset the user's password. See Modifying user accounts.

    Disable the sample users that you don't need.