User Self-Care operations
ISAM provides some pre-defined authentication policies for enabling certain User Self-Care operations, such as account creation, password reset, and lost ID retrieval. We can customize these pre-defined authentication policies to suit our particular needs, for example:
- The OTP mechanism can be removed from the Create User flow so that an OTP is no longer required when a user creates an account.
- The secondary attribute used in the Password Reset and Lost ID flows can be changed from surname to another attribute.
- The required attributes collected when an account is created during the Create User flow can be modified.
We can also use these pre-defined authentication policies as building blocks to compose new User Self-Care scenarios. The logic and server-side processing are almost entirely performed in JavaScript mapping rules. These existing rules can be extended or transformed. New rules can also be written to implement different features.
The pre-defined authentication policies all use HTML templates, which can be customized to match your application. Each policy includes a list of the HTML templates used.
Form pre-population and handling of responses are performed by JavaScript mapping rules. Each policy includes a list of the JavaScript mapping rules used.
Prerequisites
Before we use any of the authentication policies to achieve SCIM account management, we must complete the following prerequisite setup:
- Create a server connection to the SCIM application endpoint.
  - Log in to the local management interface.
  - Click AAC.
  - Under Global Settings, click Server Connections.
  - Click New and select Web Service.
  - Enter the details of your SCIM application endpoint.
    If we are using the SCIM application included with ISAM, the URL is <runtime_endpoint>/scim. The user name and password can be those of any user who is part of the Administration Group that is defined in the SCIM Configuration.
  - Save and deploy the changes.
- Configure the authentication policies to make use of the SCIM application endpoint.
  - Log in to the local management interface.
  - Click AAC.
  - Under Policy, click Authentication.
  - Click Mechanisms.
  - Select the SCIM Endpoint Configuration mechanism and click Edit.
  - On the Properties tab in the Modify Authentication Mechanism window, select the Server Connection entry and click Edit.
  - In the Modify Property window, select from the list the server connection created in the previous step and click OK.
  - Save and deploy the changes.
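Before entering the URL, user name and password in the server connection, we can check them from a workstation. The following is an added example, not part of the product or of the original page: it assumes the endpoint implements the standard SCIM 2.0 discovery resource ServiceProviderConfig (RFC 7644) and accepts HTTP Basic authentication; the function names and the sample response are constructed for illustration.

```python
import base64
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# SCIM 2.0 discovery schema URN (RFC 7643); assumes the endpoint speaks SCIM 2.0.
SPC_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
# Constructed sample response body, used for offline checks.
SAMPLE_SPC = json.dumps({"schemas": [SPC_SCHEMA], "patch": {"supported": True}}).encode()


def build_request(scim_url, user, password):
    """Build GET <scim_url>/ServiceProviderConfig with HTTP Basic credentials."""
    parts = urlsplit(scim_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("use https: Basic credentials are only base64-encoded")
    if not parts.path.rstrip("/").endswith("/scim"):
        raise ValueError("expected a URL of the form <runtime_endpoint>/scim")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        scim_url.rstrip("/") + "/ServiceProviderConfig",
        headers={"Authorization": "Basic " + token,
                 "Accept": "application/scim+json"},
    )


def check_response(status, body):
    """Return a list of problems; an empty list means the details look usable."""
    if status in (401, 403):
        return [f"HTTP {status}: user name or password rejected by the endpoint"]
    if status != 200:
        return [f"HTTP {status}: unexpected status from the endpoint"]
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not JSON: the URL may not point at the SCIM application"]
    if not isinstance(doc, dict) or SPC_SCHEMA not in (doc.get("schemas") or []):
        return ["JSON returned, but it is not a SCIM ServiceProviderConfig"]
    return []


def probe(scim_url, user, password, timeout=10):
    """Send the request (needs network access) and classify the answer."""
    req = build_request(scim_url, user, password)
    try:
        # urllib verifies the server certificate by default; leave that on.
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return check_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return check_response(err.code, b"")
```

An empty list from probe() shows only that the URL and credentials are accepted; it does not confirm that the user is a member of the Administration Group.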
- Account Create policy
- Password Reset policy
- Lost ID policy
- Disabling and re-enabling a predefined User Self-Care policy