Applies To:
GroupID 9 and 10 - Self-Service
Business Scenario:
Smart Cards facilitate interactive logon. We would like to add a field in the Self-Service portal for enabling or disabling login via Smart Card. Helpdesk users can enable or disable the setting on an as-needed basis per user. Is there a configuration in GroupID where I can create a new field, ‘Smart card is required for interactive logon’, for a user?
This field should work as follows:
- When the ‘Smart card is required for interactive logon’ checkbox is selected, the userAccountControl attribute value should become 0x50200.
- When it is not selected, the attribute value should become 0x10200.
Explanation:
It is possible to achieve the above in the Self-Service portal from the Self-Service > Designs node in GroupID Management Console.
First, both values for the userAccountControl attribute are hexadecimal; they must be converted to decimal in order for them to pass. The hex values translate to the following:
- 0x50200 = 328192 ("checked")
- 0x10200 = 66048 ("not checked")
Steps:
1. First, we have to create a custom display type. In GroupID Management Console, go to Self-Service > Portals > [Required portal] > Designs > [Required portal].
2. On the Custom Display Types tab, click Add.
3. On the New Display Type dialog box, provide a name for this display type and select its type. For example, we can select Dropdown List here, but you can use any other option you prefer. Then click OK.
4. On clicking OK, the following dialog box is displayed. Click Add.
5. We have to create two values that will be displayed in the drop-down list; one for Enabled and one for Disabled, with 328192 and 66048 respectively. Set the visibility to Helpdesk for both.
   For example, enter the following values for 'Disabled' and click OK.
6. Click Add once again, provide the following values for Enable, and click OK.
7. It should be displayed as:
8. Click OK and save the settings.
9. Go to the Properties tab and select User from the Select Directory Object list. Then click Add.
10. On the Add Category dialog box, type a name for the new tab, for example, Smart Card. Select a visibility level and access level; then click Add.
11. Select the userAccountControl attribute from the Field list. Give it a display name and then select the display type we created in steps 1-8. Click OK.
12. Click OK. Then click the Save icon to save the settings.
Test the Results:
Log in to the Self-Service portal and open the properties of a user object. You will find a new tab named Smart Card. Here, you can select True (Enable) or False (Disabled) from the Smart Card drop-down list.
This sets the respective value for the userAccountControl attribute in AD.
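The two values written by the drop-down replace the entire userAccountControl bitmask, so it is worth checking what else they change on an account before rollout. The following added example (not part of the original article or of GroupID) decodes the values and compares a whole-value write with toggling only the SMARTCARD_REQUIRED bit; the flag table is a subset of the documented userAccountControl bits, and the sample account values are constructed.

```python
# Added example: decode userAccountControl values and compare a whole-value
# write (as the drop-down does) with toggling only the smart-card bit.
# Flag constants are documented Active Directory userAccountControl bits (subset).
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x000010: "LOCKOUT",
    0x000020: "PASSWD_NOTREQD",
    0x000200: "NORMAL_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x040000: "SMARTCARD_REQUIRED",
    0x080000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}
SMARTCARD_REQUIRED = 0x40000
PORTAL_ENABLED = 328192   # 0x50200, "checked" value from the article
PORTAL_DISABLED = 66048   # 0x10200, "not checked" value from the article

def decode(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]

def toggle_smartcard(current, required):
    """Change only the SMARTCARD_REQUIRED bit and keep every other flag."""
    if required:
        return current | SMARTCARD_REQUIRED
    return current & ~SMARTCARD_REQUIRED

def side_effects(current, required):
    """Known flags, other than SMARTCARD_REQUIRED, that a whole-value write changes."""
    written = PORTAL_ENABLED if required else PORTAL_DISABLED
    changed = (current ^ written) & ~SMARTCARD_REQUIRED
    return {
        "set": decode(changed & written),
        "cleared": decode(changed & current),
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    samples = {"normal user": 0x200, "disabled user": 0x202,
               "password-never-expires user": 0x10200}
    for label, uac in samples.items():
        print(label, hex(uac), decode(uac))
        print("  bit toggle ->", hex(toggle_smartcard(uac, True)))
        print("  whole-value write changes:", side_effects(uac, True))
```

For the constructed disabled account (0x202), the whole-value write clears ACCOUNTDISABLE and sets DONT_EXPIRE_PASSWORD, while the bit toggle leaves both as they were.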
See Also:
GroupID Online Help topic: Defining and using Custom Display Types