Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Users - Manage option to add a uniqueness check

Owned by Ann Base (Deactivated)
Last updated: Jan 23, 2024 by Ylva AnderssonVersion comment
3 min read

This article describes how to manage the option to add or remove a uniqueness check in the use cases Create user or Edit user in Smart ID Identity Manager, Users package. Read more here: Smart ID Workforce use cases

A script in Identity Manager Admin is used to manage the option. The unique identifier is by default the email address. Read more in the "Change the unique identifier" section below.

Read more about the use cases here: Users - Use cases for the operator and here Users - Use cases for the self-service user

See a list of all available options in the Smart ID use cases here: Users - Options

-

Step-by-step instruction for the administrator

  1. Log in to Identity Manager Admin as Administrator.



This section shows how to enable the uniqueness check for the Create user use case. See the next section for the Edit user use case.

  1. In Identity Manager Admin, go to Home > Script.

  2. Select the script UsersScriptOptions.

  3. In the section Uniqueness check in the script, go to the UsersCreateUserUniquenessCheck variable, see the example. By default it is set to true, that is, there is a uniqueness check done when you create a user. 

    /* Defines if create user require uniqueness check. Possible options: * true(default) - Approval steps are enabled. * false - Approval steps are disabled. */ UsersCreateUserUniquenessCheck = true



  4. If you do not want to have a uniqueness check when you create a user, set UsersCreateUserUniquenessCheck to false.

  5. Click Save in the upper left corner to save the updated script (or exit without saving if there are no updates).



This section shows how to enable the uniqueness check for the Edit user use case. See the previous section for the Create user use case.

  1. In Identity Manager Admin, go to Home > Script.

  2. Select the script UsersScriptOptions.

  3. In the section Uniqueness check in the script, go to the UsersEditUserUniquenessCheck variable, see the example. By default it is set to true, that is, there is a uniqueness check done when you edit a user. 

    /* Defines if edit user require uniqueness check. Possible options: * true(default) - Approval steps are enabled. * false - Approval steps are disabled. */ UsersEditUserUniquenessCheck = true



  4. If you do not want to have a uniqueness check when you edit a user, set UsersEditUserUniquenessCheck to false.

  5. Click Save in the upper left corner to save the updated script (or exit without saving if there are no updates).



You can change the unique identifier if you want to use something else than email.

To see the unique identifier:

  1. In Identity Manager Admin, go to Home > Process Import.

  2. Select the process Create user.

  3. Click the row Check uniqueness.

  4. Click Edit task on the Check uniqueness row (the pen to the right on the row).

  5. In the list of Parameters, you see the parameter name UsersDp_Email and the value EQUALS:${UsersDp_Email} which means that the email is used for the uniqueness check.

The service task that controls this is called Process: Execute Search Task, read more about it here: Process - Standard service tasks in Identity Manager. Normally, the email is what you use for the uniqueness check. But if you, for example, use the Users add-on LDAP, see Create user add-on LDAP, to create users, the uniqueness check is done on a parameter called UsersAddonLDAPDp_ObjectGUID and the value is EQUALS:{UsersAddonLDAPDp_ObjectGUID}.

Technical details



Additional information



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions