IdM-Portal documentation

The portal

The portal is available at https://idm.gwdg.de

Requirements

You need a current browser with JavaScript enabled.

Structure

The portal is fully localized and is currently available in German and English. You can change the language in the top right corner. The navigation is on the left side. Available actions for the current workspace are shown in the blue field.

User management

You can search for objects based on different attributes. Some of these attributes can be filled with text (e.g. username):


and for some a value must be selected (e.g. user status).


The * character can be used as a wildcard, but only with the operator “equal”.

You can use “username equal *” if you want to find all available objects.

Autocompletion

The portal has an autocompletion function. It is active only for the operators contains and starts with.

Search results

A list of objects will be shown after submitting the search form.

If only one object was found, you will be redirected directly to the edit page.

This list contains some attributes of the found objects. A user can be edited by clicking the edit button on the right. Below the search condition are links to export the results to a CSV file and to open a print view.

Edit

Overview

After switching to the edit page, a new blue navigation box appears on the left side. The box contains the actions available for the currently selected object.

Email forwarding

Two attributes can be used to forward incoming mails: routing addresses and Exchange redirect address. If the user has an Exchange mailbox you should use the Exchange redirect address, otherwise use routing addresses.

Name                       Multiple values  Forward internal sent emails
routing addresses          yes              no
exchange redirect address  no               yes

If the source and the target mailbox are within the same Exchange organization, the mail is delivered directly into the target mailbox, which prevents the routing addresses attribute from taking effect.

Visibility in Exchange addressbook

By default, all users are displayed in the Exchange address lists. To change this setting, check the hide from address lists checkbox.

When using the Exchange cache mode with an Outlook client, updating the address book can take up to 48 hours. Outlook Web Access at https://email.gwdg.de shows the changed settings instantly.

Remove Active Directory short time lockout

Active Directory automatically locks a user account for a certain time (usually 30 minutes) if the password is entered incorrectly 3 times. To remove this lock, uncheck the corresponding short time lockout (AD) checkbox.

Enable/Disable

You can enable and disable accounts by changing the user status. Send an email to support@gwdg.de if you want to reactivate a deleted account.

Delete

Users can be deleted by activating the deferred deletion. An information email is sent to the user regarding the deletion of the account. The user will be automatically set to status delete after 14 days.

Expiration date

You can set an expiration date for users. The deferred deletion will be activated when the expiration date is reached.

Password

Change

The change password link is shown on the edit page of an object. You can choose whether you want to set the password as an initial password. Initial passwords expire 14 days after password change. The user will be disabled if the password is not changed within this period.

Organization  Initial password  Expiration             Notification
All           yes               14 days                7 days before expiration
UNI           no                1 year                 4 weeks before expiration weekly,
                                                       7 days before expiration daily
MPG           no                never or upon request

Generate and print

You can also generate a random password by clicking the Generate button. You must save or save & print the password after generation.

A PDF document will be generated and opened if you choose Save and Print.

The template for the generated PDF file can be set individually for each institution. If you want to use a non-standard template, write a mail to support@gwdg.de. The template should be created in the docx format. The following values can be used as placeholders: first name, last name, username, password.

Distribution list management

Distribution list overview

Currently there are three different types of distribution lists: LDAP distribution list, static Exchange distribution group and dynamic Exchange distribution group.

LDAP distribution list

  • May contain external email addresses
  • Not visible in the Exchange addressbook

Static Exchange distribution group

  • May only contain members within the Exchange organization (including email enabled users)
  • Visible in the Exchange addressbook
  • Members are shown in addressbook
  • Send permissions can be defined

Dynamic distribution group

  • May only contain members within the Exchange organization (including email enabled users)
  • Members are added automatically based on a specified filter expression
  • Send permissions can be defined
  • Can be shown in Exchange addressbook

Search

Edit

Create

To create a distribution list, choose the correct workspace and click the create button.

Delete

You must first switch to the edit view of a distribution list. There you can click the delete link, which is located in the blue selection box on the left.

Be aware that the deletion takes effect immediately and a deleted list cannot be recovered.

LDAP distribution list

Edit

Add / Remove members

Adding and removing members of an LDAP distribution list works similarly to static Exchange distribution groups. The difference is that there is no grid with members. The members are shown as a list, and each of them has a remove button to remove that member. Another difference is that you can add members only by email address and not by username.

Static Exchange distribution group

Edit

Visibility in Exchange addressbook
Add / Remove members

A user can be added by clicking the add button and entering the username or email address.

If you don't know the username or email address, you can open the select form by clicking the select button. In the select form you can search for objects.

Members can be removed by selecting them in the grid and clicking the remove button.

Send permissions

You can set send permissions to control who can send to the list. Users who are not allowed will receive an email if they try to send to the list. You can choose between four settings:

  • Unrestricted or as specified (default): Everybody is allowed to send to the list if the send permission list is empty; otherwise only the specified users/groups are allowed to send to the list.
  • Organization: All users of your organization with an Exchange mailbox or email enabled users are allowed to send to the list
  • Institut: All users of your institution with an Exchange mailbox or email enabled users are allowed to send to the list

Dynamic Exchange distribution group

Overview

Dynamic Exchange distribution groups are used to add members based on a filter expression. This filter specifies which attribute values an object needs to be part of this group (e.g. all objects with the attribute “department” set to “A”).

You can easily create a distribution group for all members of the department “AG I” by using the filter “( department -eq 'AG I')”. All new staff will automatically be added to this group if the department is set to AG I.

The filter uses OPath syntax: $variablename -operator 'value'.
You can also use parentheses for complex filters.

Supported variables

Variable            Description
$department         Department
$title              Job title
$usertype           User type (0 = normal user, 1 = time based user, 2 = course user, 4 = function account)
$userstatus         User status (0 = active, 1 = disabled, 2 = delete)
$filterattribute1   User defined attribute
$filterattribute2   User defined attribute
$filterattribute3   User defined attribute

Valid operators

Operator  Description
-eq       Equal
-ne       Not equal
-like     Like (Wildcard: *)
-and      And
-or       Or
-not      Not

The filter is applied to all objects of your organization (MPG, UNI) by default. You can check the box Add institute users only to reduce the set of objects to your institution only.
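As an added example (not the portal's or Exchange's own code), the following Python evaluates a filter written in the $variablename -operator 'value' form against sample accounts, so you can preview who a filter would match before creating the group. The operator precedence (-not, then -and, then -or), case-insensitive comparison, quoted numeric values, the function names and the sample accounts are assumptions made for this illustration.

```python
import re

VARIABLES = {"department", "title", "usertype", "userstatus",  # from the variable table
             "filterattribute1", "filterattribute2", "filterattribute3"}
COMPARE = {  # -like: '*' is the only wildcard, everything else is literal
    "eq": lambda a, b: a == b, "ne": lambda a, b: a != b,
    "like": lambda a, b: bool(re.fullmatch(".*".join(map(re.escape, b.split("*"))), a)),
}
TOKEN = re.compile(r"\(|\)|\$\w+|-\w+|'[^']*'")

def matches(text, user):  # assumed precedence: -not, then -and, then -or
    if TOKEN.sub("", text).strip():
        raise ValueError("filter contains text that is not a valid token")
    toks = TOKEN.findall(text)[::-1]  # reversed so pop() reads left to right
    def take(prefix):
        if not toks or not toks[-1].startswith(prefix):
            raise ValueError(f"expected token starting with {prefix!r}")
        return toks.pop()[1:].rstrip("'").lower()  # drop the $, - or quote marks
    def chain(op, operand, combine):  # parses: operand (op operand)*
        result = operand()
        while toks and toks[-1].lower() == op:
            toks.pop()
            result = combine([operand(), result])
        return result
    def unary():
        if toks and toks[-1].lower() == "-not":
            toks.pop()
            return not unary()
        if toks and toks[-1] == "(":
            toks.pop()
            inner = or_expr()
            take(")")
            return inner
        var, op, val = take("$"), take("-"), take("'")
        if var not in VARIABLES or op not in COMPARE:
            raise ValueError(f"unsupported term: ${var} -{op}")
        return COMPARE[op](str(user.get(var, "")).lower(), val)
    def or_expr():
        return chain("-or", lambda: chain("-and", unary, all), any)
    result = or_expr()
    if toks:
        raise ValueError(f"unexpected {toks[-1]!r}")
    return result

KEYS = ("username", "department", "usertype", "userstatus")  # columns of the constructed rows
USERS = [("alice", "AG I", 0, 0), ("bob", "AG I", 0, 1),
         ("svc-scan", "AG I", 4, 0), ("carol", "AG II", 0, 0)]
def preview(text, users=USERS):
    return [u[0] for u in users if matches(text, dict(zip(KEYS, u)))]
```

With the sample data, a filter on $department alone also matches the disabled account and the function account. Adding $userstatus and $usertype terms narrows the result to active normal users.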

Visibility in Exchange addressbook

Send permissions