Applies To:

GroupID 9 and 10 – Self-Service

Problem Statement:

We have users who are owners of numerous groups in our domain. We want the users/administrators to be able to view a list of all the groups that a specific user is an owner of. Is there a way to view/show all the groups owned by a user in the Self-Service portal?

Methodology:

The Self-Service module in GroupID Management Console enables us to customize the Self-Service portal based on our requirements. We can add a wide range of functionalities to the portal using the Self-Service module.

In this article, we will change the design of the Self-Service portal to add a new field to user properties that enables us to view the groups owned by users. We will link this new field to the managedObjects attribute. By default, this attribute is only replicated for groups in GroupID. To use managedObjects for users, we need to include it in replication. The steps in this article guide you through the whole process.

[Screenshot: the default properties page of Users]

Note: Before making any changes to your current environment, it is recommended to create a backup/snapshot/checkpoint of the GroupID server.

Steps:

  1. Go to the following path:

    X:\Program Files\Imanami\GroupID 10.0\Replication\IdentityStoresReplicationAttributes

    The XML file for each of the identity stores is available here. This file contains the list of all the attributes that are replicated in GroupID for Group, User, and Computer objects.

  2. Using Notepad, open the XML file of the identity store that you want to add the Owned objects field for.

  3. Find the managedObjects attribute using Ctrl+F. It will be available under the attribute list for Group.

    [Screenshot: the managedObjects line highlighted in the Group attribute list]

  4. Copy the line highlighted in the above image, scroll down, and paste it under the User attribute list.

  5. Once done, save the changes and close the XML file.

  6. Now, open Registry Editor and go to the following path:

    HKEY_LOCAL_MACHINE\SOFTWARE\Imanami\GroupID\Version 10.0\Replication

  7. Expand the Replication key to see your identity stores. Go to your domain’s identity store, remove the value data from User (since we have added a custom attribute for the User class), and click OK. The users must be replicated from scratch because the newly added attribute needs to be loaded into Elasticsearch.

  8. In GroupID Management Console, go to the Replication tab for the identity store and click Replicate Now in the Replication Service area. It starts the replication process for Users within your domain. Once done, the managedObjects attribute will be added.

  9. After this, in GroupID Management Console, expand the Self-Service node and then the portals.

  10. Go to the Design node of the Self-Service portal for which you want to add the owned objects option.

  11. On the Properties tab, select User from the Select Directory Object dropdown list.

  12. Click Add.

  13. On the Add Category dialog box, provide a suitable name for the category and click Add.

  14. On the Add Field dialog box, select managedObjects in the Field dropdown list and provide a display name for it.

  15. Select DNs in the Display Type dropdown list, fill in advanced options, and click OK.

  16. A new field will be added in the Fields box on the Add Category dialog box. Click OK.

  17. Save the changes by clicking the Save icon on the Designs tab.

  18. Refresh/relaunch the Self-Service portal and open the properties of any user. A new Owned Objects tab is added there, listing all the groups owned by the user.
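
To cross-check what the new tab shows against the directory itself, the following added example (not part of the original article or of GroupID) reads managedObjects for one user straight from Active Directory. It assumes the identity store is an Active Directory domain and that the RSAT ActiveDirectory module is installed; the function name `Get-OwnedGroup` and the account `jdoe` are hypothetical.

```powershell
# Added example: list the groups a user owns, as recorded in Active Directory.
# Assumption: the identity store is an AD domain and the ActiveDirectory module is available.
Import-Module ActiveDirectory

function Get-OwnedGroup {
    param(
        # sAMAccountName, distinguished name, GUID or SID of the user to check
        [Parameter(Mandatory)] [string] $Identity
    )

    # managedObjects is not returned by default, so request it explicitly.
    $user = Get-ADUser -Identity $Identity -Properties managedObjects

    foreach ($dn in $user.managedObjects) {
        # managedObjects is the back-link of managedBy, so it can also contain
        # computers, OUs and other objects. Keep only the groups.
        $obj = Get-ADObject -Identity $dn
        if ($obj.ObjectClass -eq 'group') {
            [pscustomobject]@{
                Owner             = $user.SamAccountName
                Group             = $obj.Name
                DistinguishedName = $obj.DistinguishedName
            }
        }
    }
}

# 'jdoe' is a placeholder account name; replace it with a real user.
Get-OwnedGroup -Identity 'jdoe' | Sort-Object Group | Format-Table -AutoSize
```

If the portal lists fewer entries than this output, check that user replication in step 8 has finished.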