Customizing an access card in the Request Access wizard

The second step in the Request Access wizard is used to select the accesses that are requested for a user. The set of access items to choose from is displayed as a collection of access cards that are arranged in a grid. You can customize the information that is displayed in these access cards.

Before you begin

You must have read or write access to the customizable files and the directories where they are maintained. See Location of Identity Service Center customizable files and Customization of Identity Service Center files for specific details about where these files are located. Contact your system administrator if you do not have the necessary permissions.

About this task

An access card is like a brochure for the access items in your organization. The information that is displayed on an access card is arranged into several areas. You can customize which access attributes to display in each of these areas to meet your needs.

The following access attributes are available to be displayed on the access card: The tags attribute refers to the Search terms defined for the access item.

The primary area of the access card displays the most important access attribute, such as the access name. The information in this area is displayed at the top of the card and in the largest font. Only one access attribute can be assigned to the primary area.

The secondary area of the access card displays the next most important access attribute, such as the access description. The information in this area is displayed just under the primary area and in a smaller font than the primary area. Only one access attribute can be assigned to the secondary area.

The tertiary area of the access card displays extra information about the access item, such as the additional information. The information in this area is displayed just under the secondary area and in a smaller font than the secondary area. The tertiary area of the access cards displays the additional information about the attributes.

The image area of the access card displays an icon that is associated with the access item.

Use the following sections to work with the configuration files or the configuration properties from the IBM Security Identity Manager virtual appliance console:

Procedure

  1. Optional: Customize the access attributes that are displayed in the different areas of access cards. Make a custom copy of the config/Access.json file and open the file with a text editor. The contents of this file are maintained in JavaScript Object Notation (JSON) format, which is way of representing structured data. The primary field specifies the name of the access attribute to display in the primary area of the access card. For example:
    "primary" :"accessName",
    You can specify a different attribute to display in the primary area to meet your needs. The secondary field specifies the name of the access attribute to display in the secondary area of the access card. For example:
    "secondary": "description",
    You can specify a different attribute to display in the secondary area to meet your needs. The tertiary field specifies the access attribute to display in the tertiary area of the access card. For example:
    "tertiary": [ "additionalInformation" ],
    You can choose a different set of access attributes to display in the tertiary area to meet your needs. The attributes to be displayed are separated by commas and enclosed in square brackets.
  2. Optional: Customize the labels that are displayed with the access attributes in the tertiary area of the user card. Make a custom copy of the nls/Picker.properties file and open the file with a text editor. The properties in this file define the text that is displayed in various parts of the access selection step of the Request Access wizard.Access attributes assigned to the tertiary area of the access card are displayed with a label to help the user understand what information is displayed. For example, the config/Access.json file contains the following definition for the tertiary section:
    "tertiary": [ "additionalInformation" ],

    To customize the label for an access attribute in the tertiary area of the access card, search for a property in the nls/Picker.properties file. The property must match the uppercase form of the access attribute name that is specified in the tertiary section of the config/Access.json file. For example, additionalInformation. If this property does not exist in the file, then add a property with this name. Customize this property value to specify the string that you want to display as the label of the access attribute in the tertiary area of the card.

  3. Customize the text that is displayed in the sort option list for the primary, secondary, or tertiary areas of the access card. Make a custom copy of the nls/Picker.properties file and open the file with a text editor. The properties in this file define the text that is displayed in various parts of the access selection step of the Request Access wizard.Sorting of access cards is only supported for the accessName, description, and additionalInformation attributes. If the attribute in the primary area is supported for sorting, then it is displayed as the first choice in the sort option list. If the attribute in the secondary area is supported for sorting, then it is displayed as the next choice in the sort option list. If any of the attributes in the tertiary area are supported for sorting, then they are displayed next in the sort option list. The support is only up to a maximum of three sort options. For example, the config/Access.json file contains the following definition:
     "primary": "accessName",
 "secondary": "description",
 "tertiary": ["additionalInformation"],
    Then, sorting on the access name, description, and additional information attributes is supported. The set of access cards has sort control at the top that is represented as follows:
    Sort By: Name, Description, Additional Information

    To customize the text that is displayed in the list of sort options, search for a property in the nls/Picker.properties file. This property must match the uppercase form of the corresponding attribute name. For example, accessName, description, or additionalInformation. If this property does not exist in the file, add a property with this name. Customize this property value to specify the string that you want to display in the list of sort options.

  4. Customize the image area of the access card to display an icon for the associated access item. Make a custom copy of the config/Access.json file and open the file with a text editor. The contents of this file are maintained in JavaScript Object Notation (JSON) format, which is a way of representing structured data.The image field specifies whether an image is to be displayed with each access item. For example:
    "image": "icon"
    This condition specifies that access icons must be displayed on access cards, when the appropriate image file can be found. If you do not want to display images on access cards, remove the "image": "icon" from the config/Access.json file.

    Images for access items can be defined for each individual access item, or for access categories. When you configure an access category image, then it displays for any access items in the category that do not have their own image explicitly defined. IBM Security Identity Manager includes default images for the predefined access categories, but you can provide custom images for these access categories, and custom images for individual access items. By convention, images for access items are maintained in the directories/itim_self_service.war/images/access folder of your customizable files. For example, the image for the Application access category is directories/itim_self_service.war/images/access/iconApplicationAccess.gif.

    • To define a custom image for one of the predefined access category images, create the image in GIF format by using the naming convention icon<access-Category>Access.gif. <access-Category> is the access category to which the image is applicable. For example, iconApplicationAccess.gif. Place the custom image in the directories/itim_self_service.war/images/access folder of your customizable files.
    • To define a custom image for a customer-defined access category, create the image in GIF format by using the naming convention icon<access~category~hierarchy>Access.gif. Place the custom image in the directories/itim_self_service.war/images/access folder of your customizable files. If your site administrator defined access categories in a hierarchy, then the GIF name must reflect that hierarchy by using “~” characters. For example, if a Finance category is defined as a child of the Application category, then the image file must be called iconApplication~FinanceAccess.gif.
    • To define a custom image for a specific access item, create the new image file in any image format. Use any file name that you choose for the image file. Place the image file in the directories/itim_self_service.war/images/access folder of your customizable files. Your site administrator can then specify this image file location in the Access Information page of the service that is associated with the access item. For example, if you create an image that is called iconMyApplicationAccess.jpg, the image location is specified in the Access icon > Icon URL field as: /itim/ui/custom/ui/images/access/iconMyApplicationAccess.jpgdirectories/itim_self_service.war/images/access/iconMyApplicationAccess.jpg

Results

The appearance of the access cards on the access selection step of the Request Access wizard is changed to reflect the customization that you made.

What to do next

In a managed-cluster environment, you must wait until after the configuration is synchronized to the application servers in the cluster. For information about synchronizing, see Synchronizing a member node with a primary node. Log in to the Identity Service Center. Start the Request Access wizard and verify that the appearance of the access cards reflects the customization that you made.

Parent topic: Request Access wizard