
IdM-Portal documentation

Overview

The portal is available at https://idm.gwdg.de. You can log in via LDAP with your username/e-mail address or via single sign-on. The portal is available in English or German. You can change the language in the top right corner.

The navigation menu is on the left side. The menu is divided into Workspaces and Actions. Each workspace is a separate environment where different types of objects like users or distribution groups can be found. Available actions such as search or create always refer to the currently selected workspace.

User management

You can search for objects based on different attributes like username, e-mail address, user status, firstname, lastname, etc.


For some attributes a value must be selected (e.g. user status).


The * character can be used as a wildcard, but only with the equal operator. You can use “username equal *” if you want to find all available objects.

Search results

A list of objects will be shown after submitting the search form.

You will be redirected directly to the edit page if only one object was found.

The search result list contains a subset of the object's attributes. The attributes shown can be customized in the personal settings. A user can be edited by clicking the edit button on the right. Below the search condition are links to copy the result to the clipboard, export to Excel/CSV and open a print view.

Edit

After switching to the edit page, new actions specific to the currently selected object appear in the left side menu. Attributes of a selected object are categorized into groups like general user data or Email. You can show/hide a group by clicking on the + or - symbol on the right.

History

By clicking the history action, attribute and password changes can be reviewed.

Please note that this view contains only changes made by administrators via the IdM portal. Changes via the IdM synchronization mechanisms (drivers) are not displayed.

Personal settings

The personal settings menu can be used to change, for example, the number of elements or the attributes shown after searching.

Special attribute descriptions

Email forwarding

Two attributes can be used to forward incoming mails: routing addresses and exchange redirect address. If the user has an exchange mailbox you should use the exchange redirect address, otherwise use routing addresses.

Name                      | Multiple values | Forward internal sent emails
routing addresses         | yes             | no
exchange redirect address | no              | yes

If the source and the target mailbox are within the same Exchange organization the mail is delivered directly into the target mailbox which prevents the routing addresses attribute from taking effect.

Visibility in Exchange addressbook

By default, all users are displayed in the Exchange address lists. To change this setting check the hide from address lists checkbox.

When using the Exchange cache mode with an Outlook client, the updating of the address book can take up to 48 hours. Outlook Web Access under https://email.gwdg.de instantly shows the changed settings.

Remove Active Directory short time lockout

Active Directory automatically locks a user account for a certain time (usually 30 minutes) if the password is entered incorrectly 3 times. To remove this lock, the corresponding short time lockout (AD) checkbox must be unchecked.

Enable/Disable

You can enable and disable accounts by changing the user status. Send an email to support@gwdg.de if you want to reactivate a deleted account.

Delete

Users can be deleted by activating the deferred deletion. An information email is sent to the user regarding the deletion of the account. The user will be automatically set to status delete after 14 days.

Expiration date

You can set an expiration date for users. The deferred deletion will be activated when the expiration date is reached.

Password

Change

Passwords are set as an initial password according to the following table. Initial passwords expire 14 days after password change. The user will be disabled if the password is not changed within this period.

Organization | Initial password | Expiration            | Notification
All          | yes              | 14 days               | 7 days before expiration
UNI          | no               | 1 year                | 4 weeks before expiration weekly, 7 days before expiration daily
MPG          | no               | never or upon request |

Generate and print

You can also generate a random password by clicking the Generate button. You must save or save & print the password afterwards.

A PDF document will be generated and opened if you choose Save and Print.

The template for the generated PDF file can be set individually for each institution. If you want to use a non-standard template, write a mail to idm-support@gwdg.de. The template should be created in the docx format. The following values can be used as placeholders: first name, last name, username, password.

Distribution list management

Distribution list overview

Currently there are three different types of distribution lists: LDAP distribution list, static Exchange distribution group and dynamic Exchange distribution group.

LDAP distribution list

  • May contain external email addresses
  • Not visible in the Exchange addressbook

Static Exchange distribution group

  • May only contain members within the Exchange organization (including email enabled users)
  • Visible in the Exchange addressbook
  • Members are shown in addressbook
  • Send permissions can be defined

Dynamic distribution group

  • May only contain members within the Exchange organization (including email enabled users)
  • Members are added automatically based on a specified filter expression
  • Send permissions can be defined
  • Can be shown in Exchange addressbook

Create

To create a distribution list you must first choose the correct workspace and click create.

Delete

You must first switch to the edit view of a distribution list. There you can click the delete action on the left.

Be aware that the deletion is immediate and a deleted list cannot be recovered.

Static Exchange distribution group

Add / Remove members

A user can be added by clicking the Add button and entering the username or email address.


Alternatively you can open a search form by clicking select if you don't know the username or email address.


Members can be removed by selecting them in the grid and clicking the remove button.

Send permissions

You can set send permissions to control who can send to the list. Users who are not allowed will receive a notification email if they try to send to the list. You can choose between different settings:

  • Unrestricted or as specified (default): Everybody is allowed to send to the list if the send permission list is empty; otherwise only the specified users/groups are allowed to send to the list.
  • Organization: All users of your organization with an Exchange mailbox or email enabled users are allowed to send to the list.
  • Institute: All users of your institution with an Exchange mailbox or email enabled users are allowed to send to the list.

Dynamic Exchange distribution group

Overview

Dynamic Exchange distribution groups are used to add members based on a filter expression. This filter specifies which attribute values an object needs to be part of this group (e.g. all objects with the attribute “department” set to “A”).

You can easily create a distribution group for all members of the department “AG I” by using the filter “( department -eq 'AG I')”.
All new staff will automatically be added to this group if the department is set to AG I.

The filter uses the OPath syntax: $variablename -operator 'value'.
You can use parentheses for complex filters as well.

Supported variables

Variable          | Description
$department       | Department
$title            | Job title
$usertype         | User type (0 = normal user, 1 = time based user, 2 = course user, 4 = function account)
$userstatus       | User status (0 = active, 1 = disabled, 2 = delete)
$filterattribute1 | User defined attribute
$filterattribute2 | User defined attribute
$filterattribute3 | User defined attribute

Valid operators

Operator | Description
-eq      | Equal
-ne      | Not equal
-like    | Like (Wildcard: *)
-and     | And
-or      | Or
-not     | Not

The filter is applied to all objects of your organization (MPG, UNI) by default. You can check the box Add institute users only to reduce the set of objects to your institution only.
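
A filter can be checked against test records before it is saved to a group. The following is an added example, not part of the portal or its documentation: a small Python evaluator for the variables and operators listed above, run against constructed user records, showing that a department-only filter also matches disabled users and function accounts until $userstatus and $usertype conditions are added. Case-insensitive string comparison, left-to-right evaluation of -and/-or and the $-prefixed variable form are assumptions; the portal's own evaluation may differ.

```python
import re

# Variables and comparison operators from the tables on this page.
VARIABLES = {"department", "title", "usertype", "userstatus",
             "filterattribute1", "filterattribute2", "filterattribute3"}
OPS = {"-eq", "-ne", "-like"}
TOKEN = re.compile(r"\(|\)|-\w+|\$\w+|'[^']*'")

def matches(filter_text, user):
    """True if user satisfies the filter. Assumption: case-insensitive strings."""
    if TOKEN.sub("", filter_text).strip():
        raise ValueError(f"unexpected input in filter: {filter_text!r}")
    tokens = TOKEN.findall(filter_text)
    def term():
        tok = tokens.pop(0)
        if tok == "(":
            result = expression()
            if tokens.pop(0) != ")":
                raise ValueError("missing )")
            return result
        if tok.lower() == "-not":
            return not term()
        name, op, value = tok[1:].lower(), tokens.pop(0).lower(), tokens.pop(0)
        if tok[0] != "$" or name not in VARIABLES or op not in OPS or value[0] != "'":
            raise ValueError(f"unsupported comparison: {tok} {op} {value}")
        actual, wanted = str(user.get(name, "")).lower(), value[1:-1].lower()
        like = re.fullmatch(".*".join(map(re.escape, wanted.split("*"))), actual)
        return bool(like) if op == "-like" else (actual == wanted) == (op == "-eq")
    def expression():  # assumption: -and / -or evaluated left to right
        result = term()
        while tokens and tokens[0].lower() in ("-and", "-or"):
            op, right = tokens.pop(0).lower(), term()
            result = (result and right) if op == "-and" else (result or right)
        return result
    try:
        result = expression()
    except IndexError:
        raise ValueError("incomplete filter") from None
    if tokens:
        raise ValueError(f"unexpected token: {tokens[0]}")
    return result

# Constructed sample records, not real accounts.
USERS = [dict(name=n, department=d, usertype=t, userstatus=s) for n, d, t, s in [
    ("alice", "AG I", 0, 0), ("bob", "AG I", 0, 1),          # bob: disabled
    ("svc-scan", "AG I", 4, 0), ("carol", "AG II", 0, 0)]]   # svc-scan: function account

def members(filter_text, users=USERS):
    return [u["name"] for u in users if matches(filter_text, u)]
```

With these records, `members("($department -eq 'AG I')")` returns alice, bob and svc-scan, while adding `-and ($userstatus -eq '0') -and (-not ($usertype -eq '4'))` leaves only alice.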