Document toolboxDocument toolbox

Set up search configuration in Identity Manager

This article includes updates for Smart ID 23.04.

Search configurations are used in Smart ID Identity Manager to search in data pools and identity templates, and to set up search filters and results. Search dialogs can also be integrated into processes, or be shown in batch orders and related object field. Permissions need to be adapted to the intended use and roles. Searches can be done on multiple levels, and for example show card data for all employee cards of a certain employee. 

This article describes how to create or edit a search configuration in Identity Manager Admin

 Prerequisites

Before setting up the search configuration, make sure that the following things apply:

  • Installed Identity Manager
  • Available identity template or data pool as reference for the search configuration
  • If needed: Available report configuration, to allow users to export the search results to a pdf report

Step-by-step instruction

 Log in to Identity Manager Admin
  1. Log in to Identity Manager Admin as an admin user.
 Add search configuration
  1. In Identity Manager Admin, go to Home > Search Configurations.
  2. To add a new search configuration:

    1. Click +New.

    2. Enter a Name and Select a Reference, either a core template or a data pool. Click Save + Edit.

    3. Optional: add Object picture
      1. The object picture of the Search Configuration is used in the related objects view in Identity Manager.
        If you do not upload a picture, the standard icon of the result object will be used, for example, a card or a meeting icon.
    4. The Search Reference Type shows CORE_TEMPLATE or DATAPOOL, depending on what you selected in Reference in step 1b.
    5. The Search Reference Name shows the name of the core template or the name of the data pool of the CoreObjects that are searched, depending on what you selected in Reference in step 1b.
    6. If you check Maximum number of search results and then enter a number, the search will never return more results than this value. If there are more results, the user gets an error message and has the possibility to modify the filters. Use this only for views where the user has the possibility to modify the filters.
    7. In the General tab, the fields of the selected data pool or core template are listed under Search Criteria. The search dialog as it will roughly appear in Identity Manager is shown on the right, under Search. On the left of it is the search mask, on the right the search results. 
    8. Click Save.
  3. To instead edit an existing search configuration, double-click on its name.
 Set multi-level search

Search over multiple levels means that a search can be done over related data pools or core templates. For example, you can search for all Employee cards that are related to an Employee. This is done using ObjectRelations from the given CoreObject to the related CoreObject.

To set multi-level search:

  1. Follow the steps in "Add search configuration" above.
  2. Before you click Save, check Search over multiple levels.
  3. Set Search Depth. Depth means the maximum number of ObjectRelations to be searched for. Search Depth = 1 means that data from directly related objects are shown in the search results. The default depth is 3 and search depth 3 also includes objects from search depth 2 and search depth 1. You can configure the default depth in PermissionAwareSearchConfigManager.

    Search depth values greater than 5 trigger a warning message, regarding possible performance issues.

  4. Select Result Reference Type: core template or data pool, and select a Result Reference Name, which defines the name of the core template or data pool that are searched at depth zero up to the specified search depth. The selected data pool or core template with its text fields are shown in the Search criteria field.
  5. Set Object Relation Types:
    1. All
      If All is checked, it includes all current and future object relation types not available at the time of configuration, but available at the time of search. Also, it disables Type Selection. All is checked by default.
    2. Type Selection
      Only enabled when All is not checked. If Type Selection is checked, a pop-up is shown with a list of object relation types to select. The pop-up shows already stored, and therefore selected, types in alphabetical order at the top of the list followed by additionally available types not yet selected, also in alphabetical order.
  6. Click Save to save your settings.
 Add search filter

To add a search criterion to the search filter:

  1. On the General tab, drag-and-drop the search criterion, for example Birth date, from Search criteria to the left field in Search.
  2. Select an initial search condition, for example begins with or greater or equal.
  3. Optionally, enter an initial search value, for example Jun 7, 2017
  4. You can combine two search filters, see "Combine two search filters" below.
  5. You can also use expressions as field values, see "Add field values with expressions" below.
  6. To change the search properties of the field, click Edit (pen symbol).
  7. In Change search field properties, check Hidden, to hide the criterion from the search mask. A hidden field needs an initial search value. To use a variable value from another data pool in the search mask, select the data pool in Selection list and select a Value. Click OK.
  8. Repeat steps 1-5 for all search criteria needed in the search mask.
  9. Click Save to save your settings.
 Combine two search filters

Logical AND

  • Use " _AND_ "
    • Note the blanks at the beginning and end
    • AND must be in upper case

Example 1:

Example 1 - AND

SearchField: First name 
SearchValue: Tom _AND_ Jack
Filter: unequals.
This can be used to find all persons, except those with the first name 'Tom' or 'Jack'

Example 2:

Example 2 - AND

SearchField: First name
SearchValue: Tom _AND_ Jack _AND_ Julian
Filter: unequals.
This can be used to find all persons, except those with the first name 'Tom' or 'Jack' or 'Julian'. 

Example 3:

When translatable values are used, the non-translated symbolic names have to be used.

Example 3 - AND

SearchField: Identity Status
SearchValue: CtEmployee _AND_ CtContractor
Filter: unequals

Logical OR

  • Use " _OR_ "
    • Note the blanks at the beginning and end
    • OR must be in upper case

Example 1:

Example 1 - OR

SearchField: Department 
SearchValue: Development _OR_ Finance
Filter: equals
This can be used to find all entries having department 'Development' or 'Finance'.

Example 2:

Example 2 - OR

SearchField: Department 
SearchValue: Development _OR_ Finance _OR_ Sales
Filter: equals.
This can be used to find all entries having department 'Development' or 'Finance' or 'Sales'.

Combine AND and OR

You can combine two search filters using logical AND and OR.

To combine two search filters, add both of them as filter fields. You can add each data pool field as a filter field as often as you like.

Rules for AND and OR combinations:

  • AND and OR combinations are only available for text-fields, not for numeric, boolean, date, etc. 
  • It is not allowed to use both logical operators AND and OR at the same time in the searchValue
  • The logical operators makes no sense with some filters. See these examples:

    Example with 'AND'

    SearchField: First name
    SearchValue: Tom _AND_ Jack
    Filter: equals

    The result will be an empty list.

    Example with 'OR'

    SearchField: First name
    SearchValue: Tom _OR_ Jack
    Filter: unequals

    The result will be an empty list.

 Add field values with expressions

For the initial values of text or number filter fields, you can also use Juel expressions.

Process expressions

ExpressionDescription
${<Datapool_Field>}Any data pool field from the process map, for example, ${Person_FirstName}.

User expressions

ExpressionDescription
${user.id}Unique user id
${user.name}User login name, for example, 'jsmith'
${user.fullName}User full name, for example, 'Johnny Smith'
${user.ipAddress}IP address of the user
${user.<Datapool_Field>}Any data pool field related to the user, if the user data comes from a data pool, that is, ${user.Person_LastName} returns 'Smith'.
This expression may be used only in conjunction with CoreObject based authentication.

System Property expressions

These expressions are replaced by specific values which are configured in Identity Manager Admin. The names of the properties are found in the database in Property.name.

ExpressionDescription
${sysprop.<property>}The value of a system property. Replace the placeholder <property> with the name of a systemProperty which can be found in the database table Property.

Date expressions

Date expressions are resolved to a Date, Date and Time or Time values, depending of which one you use. You can pass numbers into the date expressions, which are then calculated to certain value.

ExpressionDescription

${today}

Date of today with no time

${today.plusDays(n)}

Date of today with no time plus the "n" number of days

${today.plusMonths(n)}

Date of today with no time plus the "n" number of month

${today.plusYears(n)}

Date of today with no time plus the "n" number of years

${now}

The current time and date

${now.plusSeconds(n)}

Current time and date plus the "n" number of seconds

${now.plusMinutes(n)}

Current time and date plus the "n" number of minutes

${now.plusHours(n)}

Current time and date plus the "n" number of hours

Nested expressions for Date expressions

For date expressions, you can also set the value to be another expression, and have expression within expression, so called nested expressions.
The types of expressions that can be set inside date expressions are:

  • System property expression
    ${sysprop.someValue}
  • User expression
    ${user.id}

Examples:

${today.plusDays(${sysprop.someValue})}

${today.plusDays(${user.id})}

 Add search results

To add a search criterion to the list of search results:

  1. To show a search criterion, for example First Name, in the search results, drag-and-drop it from Search criteria to the right field in Search.
  2. To move a column in the search result table, drag-and-drop it to a new location.
  3. Click on a column heading to set the sort order based on that column.
    1. To change sort order between ascending/descending, click on the column heading again.

      The "status" column is sorted on symbolic name, and not in alphabetical order.

    2. To sort over multiple columns, hold the <SHIFT> key while selecting the columns.
  4. Click Save to save your settings.
 Change the sort order in Quick search on the Start page and on the Search page
  1. In Identity Manager Admin, go to Search Configurations.
  2. Click Sort Sequence on the top. The Change Sort Sequence pop up is shown.
  3. Change the order with the arrow buttons. What will be shown in the Quick search list on the Start page and on the Search page depends on the permissions for the logged in user and the purpose of the search configuration. Read more in sections "Set permissions" and "Set search purpose".
  4. Click Save.
 Set permissions

To set the permissions to execute the search configuration:

  1. Go to the Permissions tab.
  2. Click Execute in the left field.
  3. To add permission for a specific user, click the Add User button to the right, and select the user name in the selection box.
  4. To add permission for a role, click the Add Role button to the right, and select the role in the selection box.
  5. To delete a permission, mark the role or user in the list and click Delete.
  6. Click Save to save the settings.
 Set search purpose

To define where the search configuration is to be used, the purpose must be set:

  1. Go to the Purpose tab.
  2. Select one or more of these alternatives:
    • Quick Search - A search item appears in the Quick search list on the Start page in Identity Manager Operator. This option is not supported for external data sources. 
    • Search - The search configuration is available on the Search page in Identity Manager Operator. 
    • Batch Orders - The search configuration is available on the Batch Orders page in Identity Manager Operator. This option is not supported for external data sources.

    • Object Relations - The search configuration is displayed in the Related objects field for a certain object.
    • Self-Service Search – The search configuration is available in Smart ID Self-Service. Also select the category for Self-Service in the drop-down menu. 
 Set report formats

To set available report formats:

  1. Click Configure function 'Export search results'.
  2. In Choose export formats, check CSV format to make csv export available. Select a PDF format to make pdf export available and define the layout of a pdf export.
  3. Click OK to save the settings.

Additional information



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions