Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Set up process in Identity Manager

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Jul 22, 2024 by Josefin Klang (Deactivated)Version comment
5 min read

This article includes updates for Smart ID 23.10.6.

This article describes how to create or edit a simple process inĀ Identity Manager Admin, with the Process Designer tool. To create more complex processes with the full set of tasks, the Activiti designer plugin can be used.

Prerequisites

Before setting up a process, make sure that the following things apply:

  • Installed Identity Manager

  • Log in to Identity Manager AdminĀ as anĀ adminĀ user.

Add process

  1. In Identity Manager Admin, go to Home > Process Designer.

  2. To add a new process:

    1. ClickĀ +New.

    2. Enter aĀ Name, for example Create Employee, and a Description.

    3. Click Save+Edit.
      The Process Design panel is shown.

  3. To edit an existing process, double-click on its name.

  4. Optionally, enter a Help text.

Add, remove, or edit process tasks

Add, remove, or edit process tasks as needed.

  1. Go to the Task List tab.

  2. There is always a startElementĀ automatically generated. You can configure a form as attribute for it (not mandatory).

  3. In the Task List tab, click + to add a task.

  4. Select a task type. See the available task types and attributes in the table below.
    To use standard service tasks, select Service task as type.

  5. Enter a Name, a Description, and the required attributes for the selected task type. For example, for a Save Data task, a data pool is needed to specify where to save the data.

  6. If a service task is chosen, click the pen symbol to edit.
    To use a standard service task:

    1. Select Delegate Expression.

    2. Enter expression with the name of the standard service task in the text field, for example ${createRelationJavaDelegate}.

    3. Enter values for the given parameters.

    For information on the available standard service tasks and parameters, see Standard service tasks in Identity Manager.

  7. To let a step be done in parallel to the previous step, check Branching.

  8. Click Preview to see a graphic representation of the current process.

  9. Click Save.

Set permissions

Add permissions for users and roles for all operation types:

  1. Go to the Permissions tab.

  2. For each operation type, Delete, Update, Start process, and so on, click the operation name. Repeat steps 3-4 to add permissions for users and roles.

  3. To add permissions for a specific user, click Add user and select the user in the drop-down list.

  4. To add permissions for a role, click Add role and select the role in the drop-down list.

  5. Click Save.

Task types and attributes

Task name

Description

Attributes

Task name

Description

Attributes

Assign New Number

A number from a number range is assigned to a data pool field.

  • Number range

  • Data pool and field name

Card Operation

An action on a card (e.g. Set PIN/Change PIN) is executed. See alsoĀ Structure of an encoding description in Identity Manager for more information.

  • Form

  • Card action

Change State

The state of an object is changed in the localĀ Identity ManagerĀ database to a particular state, e.g. from "Active" to "Inactive".

  • Data pool

  • Target state

Change State in CA

The state of a certificate is changed in the CA to a particular state. The state is then also changed in the local database.

  • Target state

Check Task

This task checks the relationship between a data pool object and a particular identity object. The relationship must be a "one-to-one" relationship. If this is not the case, an activity error occurs.

  • Data pool

  • Identity template

Choose Mapping

Copy data from one data pool to another while applying a pre-configured mapping. See Set up mapping in Identity Manager for more information.

  • Mapping

Delete Data

This task deletes one core object from its data source. The core object is identified by the configured data pool and the variable <datapool>_Id within the process map.

Restrictions:

It is not possible to delete core objects that are based on an external data source, with the exception of SCIM based core objects whichĀ can beĀ deleted.

  • Data pool

Export Task

Data is exported according to an export definition.

  • Export definition

HTTP Client

Send an HTTP request from a process and make the response available in the process map.

  • HTTP Client

Mail Task

An email is sent, for example, a confirmation of a receipt.

  • Email template

You can also enter an Expression ${...} that gets resolved from the DataMap.

Modify Roles Automatically

Roles are automatically assigned to or withdrawn from particular objects.

  • Data pool

  • Role (selected via drag and drop or resolved via expression that contains a comma-separated list of roles in the process map (Role1,Role2,...).

Modify Roles Manually

The user can assign or withdraw roles to or from particular objects manually.

  • Data pool

  • Role

Print Report

A document with the indicated template can be printed.

  • Form

  • Report template

Production

A card or token is produced.Ā This task is for server side production only.

If you configure multiple printers, see Set up printers in Identity Manager.

The process variableĀ processVarCardSdkPrinterUrl can be used to fill with the symbolic name of a Ā printer to find the connection to the CardSDK. If the variable is not in the process, the defaultPrinter is used.

Ā 

  • Card template

  • For Nexus GO Cards (CaaS) production:
    Field Name: Field that holds the request id returned by Nexus GO Cards (CaaS).

  • For Nexus GO Cards (CaaS) production:
    Production ID: Field that holds the idempotency key used to avoid duplicate orders. This can be a previously generated GUID. When empty, the orderRequest is being hashed and used instead.

Production with Preview

Before a card is produced a preview of the card is displayed on the user interface. There are two variations: one for client-side and one for server-side production. These differ by the following forms:

  • clientSideProductionPreviewTask.jsp

  • serverSideProductionPreviewTask.jsp

If you configure multiple printers, see Set up printers in Identity Manager.

The process variableĀ processVarCardSdkPrinterUrl can be used to fill with the symbolic name of a Ā printer to find the connection to the CardSDK. If the variable is not in the process, the defaultPrinter is used.

  • Form

  • Card template

Request Softtoken

A softtoken is required by the CA and sent to the recipient by email.

  • Certificate type

  • Email template

Return Number

A number from a number range is released again.

  • Number range

  • Data pool and field name

Save Data

The process data are saved in the data pool indicated. If a suitable ID is found, an update is run, otherwise a new data record is created.

Restrictions:

It is not possible to update and create core objects that are based on an external data source.

  • Data pool

Script Task

This task contains a scripting engine for script languages such as JUEL, BeanShell, JavaScript and Groovy.

  • Script to be executed

Service Task

A JAVA class that is executed during the process runtime is added to the process.

A set of standard service tasks is available. For more information, see Standard service tasks in Identity Manager.

  • Java Class

  • For standard service task:
    Relevant parameters for the selected task

User Task

A user dialog (user task) is used in order to model the interaction of a user. It is a form in which entries have to be made.

  • Form

  • Buttons can be configured

Additional information

Ā 

Ā 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions