Set up search configuration in Identity Manager
- Karolin Hemmingsson (Unlicensed)
- Ylva Andersson
- Ann Base (Deactivated)
- Josefin Klang (Deactivated)
This article includes updates for Smart ID 23.04.
Search configurations are used in Smart ID Identity Manager to search in data pools and identity templates, and to set up search filters and results. Search dialogs can also be integrated into processes, or be shown in batch orders and related object field. Permissions need to be adapted to the intended use and roles. Searches can be done on multiple levels, and for example show card data for all employee cards of a certain employee.
This article describes how to create or edit a search configuration in Identity Manager Admin.
Before setting up the search configuration, make sure that the following things apply:
- Installed Identity Manager
- Available identity template or data pool as reference for the search configuration
- If needed: Available report configuration, to allow users to export the search results to a pdf report
Step-by-step instruction
- Log in to Identity Manager Admin as an admin user.
- In Identity Manager Admin, go to Home > Search Configurations.
To add a new search configuration:
Click +New.
Enter a Name and Select a Reference, either a core template or a data pool. Click Save + Edit.
- Optional: add Object picture
- The object picture of the Search Configuration is used in the related objects view in Identity Manager.
If you do not upload a picture, the standard icon of the result object will be used, for example, a card or a meeting icon.
- The object picture of the Search Configuration is used in the related objects view in Identity Manager.
- The Search Reference Type shows CORE_TEMPLATE or DATAPOOL, depending on what you selected in Reference in step 1b.
- The Search Reference Name shows the name of the core template or the name of the data pool of the CoreObjects that are searched, depending on what you selected in Reference in step 1b.
- If you check Maximum number of search results and then enter a number, the search will never return more results than this value. If there are more results, the user gets an error message and has the possibility to modify the filters. Use this only for views where the user has the possibility to modify the filters.
- In the General tab, the fields of the selected data pool or core template are listed under Search Criteria. The search dialog as it will roughly appear in Identity Manager is shown on the right, under Search. On the left of it is the search mask, on the right the search results.
- Click Save.
- To instead edit an existing search configuration, double-click on its name.
Search over multiple levels means that a search can be done over related data pools or core templates. For example, you can search for all Employee cards
that are related to an Employee
. This is done using ObjectRelations from the given CoreObject to the related CoreObject.
To set multi-level search:
- Follow the steps in "Add search configuration" above.
- Before you click Save, check Search over multiple levels.
Set Search Depth. Depth means the maximum number of ObjectRelations to be searched for. Search Depth = 1 means that data from directly related objects are shown in the search results. The default depth is 3 and search depth 3 also includes objects from search depth 2 and search depth 1. You can configure the default depth in PermissionAwareSearchConfigManager.
Search depth values greater than 5 trigger a warning message, regarding possible performance issues.
- Select Result Reference Type: core template or data pool, and select a Result Reference Name, which defines the name of the core template or data pool that are searched at depth zero up to the specified search depth. The selected data pool or core template with its text fields are shown in the Search criteria field.
- Set Object Relation Types:
- All
If All is checked, it includes all current and future object relation types not available at the time of configuration, but available at the time of search. Also, it disables Type Selection. All is checked by default. - Type Selection
Only enabled when All is not checked. If Type Selection is checked, a pop-up is shown with a list of object relation types to select. The pop-up shows already stored, and therefore selected, types in alphabetical order at the top of the list followed by additionally available types not yet selected, also in alphabetical order.
- All
- Click Save to save your settings.
To add a search criterion to the search filter:
- On the General tab, drag-and-drop the search criterion, for example Birth date, from Search criteria to the left field in Search.
- Select an initial search condition, for example
begins with
orgreater or equal
. - Optionally, enter an initial search value, for example
Jun 7, 2017
. - You can combine two search filters, see "Combine two search filters" below.
- You can also use expressions as field values, see "Add field values with expressions" below.
- To change the search properties of the field, click Edit (pen symbol).
- In Change search field properties, check Hidden, to hide the criterion from the search mask. A hidden field needs an initial search value. To use a variable value from another data pool in the search mask, select the data pool in Selection list and select a Value. Click OK.
- Repeat steps 1-5 for all search criteria needed in the search mask.
- Click Save to save your settings.
Logical AND
- Use "
_AND_
"- Note the blanks at the beginning and end
- AND must be in upper case
Example 1:
SearchField: First name
SearchValue: Tom _AND_
Jack
Filter: unequals.
This can be used to find all persons, except those with the first name 'Tom' or 'Jack'.
Example 2:
SearchField: First name
SearchValue: Tom _AND_
Jack _AND_
Julian
Filter: unequals.
This can be used to find all persons, except those with the first name 'Tom' or 'Jack' or 'Julian'.
Example 3:
When translatable values are used, the non-translated symbolic names have to be used.
SearchField: Identity Status
SearchValue: CtEmployee _AND_
CtContractor
Filter: unequals
Logical OR
- Use "
_OR_
"- Note the blanks at the beginning and end
- OR must be in upper case
Example 1:
SearchField: Department
SearchValue: Development _OR_
Finance
Filter: equals
This can be used to find all entries having department 'Development' or 'Finance'.
Example 2:
SearchField: Department
SearchValue: Development _OR_
Finance _OR_
Sales
Filter: equals.
This can be used to find all entries having department 'Development' or 'Finance' or 'Sales'.
Combine AND and OR
You can combine two search filters using logical AND and OR.
To combine two search filters, add both of them as filter fields. You can add each data pool field as a filter field as often as you like.
Rules for AND and OR combinations:
- AND and OR combinations are only available for text-fields, not for numeric, boolean, date, etc.
- It is not allowed to use both logical operators AND and OR at the same time in the searchValue
The logical operators makes no sense with some filters. See these examples:
Example with 'AND'SearchField: First name
SearchValue: Tom_AND_
Jack
Filter: equalsThe result will be an empty list.
Example with 'OR'SearchField: First name
SearchValue: Tom_OR_
Jack
Filter: unequalsThe result will be an empty list.
For the initial values of text or number filter fields, you can also use Juel expressions.
Process expressions
Expression | Description |
---|---|
${<Datapool_Field>} | Any data pool field from the process map, for example, ${Person_FirstName}. |
User expressions
Expression | Description |
---|---|
${user.id} | Unique user id |
${user.name} | User login name, for example, 'jsmith' |
${user.fullName} | User full name, for example, 'Johnny Smith' |
${user.ipAddress} | IP address of the user |
${user.<Datapool_Field>} | Any data pool field related to the user, if the user data comes from a data pool, that is, ${user.Person_LastName} returns 'Smith'. This expression may be used only in conjunction with CoreObject based authentication. |
System Property expressions
These expressions are replaced by specific values which are configured in Identity Manager Admin. The names of the properties are found in the database in Property.name.
Expression | Description |
---|---|
${sysprop.<property>} | The value of a system property. Replace the placeholder <property> with the name of a systemProperty which can be found in the database table Property. |
Date expressions
Date expressions are resolved to a Date, Date and Time or Time values, depending of which one you use. You can pass numbers into the date expressions, which are then calculated to certain value.
Expression | Description |
---|---|
${today} | Date of today with no time |
${today.plusDays(n)} | Date of today with no time plus the "n" number of days |
${today.plusMonths(n)} | Date of today with no time plus the "n" number of month |
${today.plusYears(n)} | Date of today with no time plus the "n" number of years |
${now} | The current time and date |
${now.plusSeconds(n)} | Current time and date plus the "n" number of seconds |
${now.plusMinutes(n)} | Current time and date plus the "n" number of minutes |
${now.plusHours(n)} | Current time and date plus the "n" number of hours |
Nested expressions for Date expressions
For date expressions, you can also set the value to be another expression, and have expression within expression, so called nested expressions.
The types of expressions that can be set inside date expressions are:
- System property expression
${sysprop.someValue} - User expression
${user.id}
Examples:
${today.plusDays(${sysprop.someValue})}
${today.plusDays(${user.id})}
To add a search criterion to the list of search results:
- To show a search criterion, for example First Name, in the search results, drag-and-drop it from Search criteria to the right field in Search.
- To move a column in the search result table, drag-and-drop it to a new location.
- Click on a column heading to set the sort order based on that column.
To change sort order between ascending/descending, click on the column heading again.
The "status" column is sorted on symbolic name, and not in alphabetical order.
- To sort over multiple columns, hold the <SHIFT> key while selecting the columns.
- Click Save to save your settings.
- In Identity Manager Admin, go to Search Configurations.
- Click Sort Sequence on the top. The Change Sort Sequence pop up is shown.
- Change the order with the arrow buttons. What will be shown in the Quick search list on the Start page and on the Search page depends on the permissions for the logged in user and the purpose of the search configuration. Read more in sections "Set permissions" and "Set search purpose".
- Click Save.
To set the permissions to execute the search configuration:
- Go to the Permissions tab.
- Click Execute in the left field.
- To add permission for a specific user, click the Add User button to the right, and select the user name in the selection box.
- To add permission for a role, click the Add Role button to the right, and select the role in the selection box.
- To delete a permission, mark the role or user in the list and click Delete.
- Click Save to save the settings.
To define where the search configuration is to be used, the purpose must be set:
- Go to the Purpose tab.
- Select one or more of these alternatives:
- Quick Search - A search item appears in the Quick search list on the Start page in Identity Manager Operator. This option is not supported for external data sources.
- Search - The search configuration is available on the Search page in Identity Manager Operator.
Batch Orders - The search configuration is available on the Batch Orders page in Identity Manager Operator. This option is not supported for external data sources.
- Object Relations - The search configuration is displayed in the Related objects field for a certain object.
- Self-Service Search – The search configuration is available in Smart ID Self-Service. Also select the category for Self-Service in the drop-down menu.
To set available report formats:
- Click Configure function 'Export search results'.
- In Choose export formats, check CSV format to make csv export available. Select a PDF format to make pdf export available and define the layout of a pdf export.
- Click OK to save the settings.
Additional information
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions