Views:

Applies To:

GroupID 9 and 10 - Self-Service

Business Scenario:

Smart Cards facilitate interactive logon. We would like to add a field in the Self-Service portal for enabling or disabling login via Smart Card. Helpdesk users can enable or disable the setting on a need basis per user. Is there a configuration in GroupID where I can create a new field, ‘Smart card is required for interactive logon’ for a user?

This field should work as follows:

  • When the ‘Smart card is required for interactive logon’ checkbox is selected, the userAccountControl attribute value should become 0x50200.
  • When it is not selected, the attribute value should become 0x10200.

Explanation:

It is possible to achieve the above in the Self-Service portal from the Self-Service > Designs node in GroupID Management Console.

First, both the values for the userAccountControl attribute are hexadecimal values; they need to be converted to decimal in order for them to pass. These hex values translate to the following: 

  • 0x50200 328192 "checked"
  • 0x10200 66048 "not checked" 

Steps:

  1. First, we have to create a custom display type. In GroupID Management Console, go to Self-Service > Portals > [Required portal] > Designs > [Required portal].
  2. On the Custom Display Types tab, click Add.

  3. On the New Display Type dialog box, provide a name for this display type and select its type. For example, we can select Dropdown List here, but you can use any other option you prefer. Then click OK.

  4. On clicking OK, the following dialog box is displayed. Click Add.

  5. We have to create two values that will be displayed in the drop-down list; one for Enabled and one for Disabled, with 328192 and 66048 respectively. Set the visibility to Helpdesk for both.
    For example, enter the following values for 'Disabled' and click OK.

  6. Click Add once again, provide the following values for Enable, and click OK.

  7. It should be displayed as:

  8. Click OK and save the settings.

  9. Go to the Properties tab and select User from the Select Directory Object list. Then click Add.

  10. On the Add Category dialog box, type a name for the new tab, for example, Smart Card. Select a visibility level and access level; then click Add.

  11. Select the userAccountControl attribute from the Field list. Give it a display name and then select the display type we created in steps 1-8. Click OK.

  12. Click OK. Then click the Save icon to save the settings.

Test the Results:

Log into the Self-Service portal and open the properties of a user object. You will find a new tab named Smart Card. Here, you can select True (Enable) or False (Disabled) from the Smart Card drop-down list.

This would set the respective value for the userAccountControl attribute in AD. ​

See Also:

GroupID Online Help topic: Defining and using Custom Display Types

Keywords: Self-Service, Active Directory, custom, display types, attributes, smart card, logon, enable, update