Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:czechidm_installation_finalize [2019/08/12 10:27] fiserp [Schedule the tasks] |
tutorial:adm:czechidm_installation_finalize [2020/08/24 14:29] apeterova init data - note |
||
---|---|---|---|
Line 21: | Line 21: | ||
===== Password policy ===== | ===== Password policy ===== | ||
- | Go to Settings -> Password policies and set the [[devel: | + | Go to Settings -> Password policies and set the [[devel: |
+ | |||
+ | It's recommended to set [[tutorial: | ||
If you want to use **Maximum password age**, you will probably want to notify users when their passwords are going to expire. To do so, schedule the tasks [[devel: | If you want to use **Maximum password age**, you will probably want to notify users when their passwords are going to expire. To do so, schedule the tasks [[devel: | ||
Line 27: | Line 29: | ||
===== Allow users into CzechIdM ===== | ===== Allow users into CzechIdM ===== | ||
+ | |||
+ | FIXME For 10.5+, userRole is created by default - [[devel: | ||
In the fresh installation, | In the fresh installation, | ||
Line 32: | Line 36: | ||
Typically, you want to enable the users to see their profile, request for roles or change their password. This is done by a special role called **userRole**. [[tutorial: | Typically, you want to enable the users to see their profile, request for roles or change their password. This is done by a special role called **userRole**. [[tutorial: | ||
+ | Users may authenticate by their local CzechIdM password, or you may configure authentication against some of the connected systems - typically AD or LDAP ([[devel: | ||
===== Configure the approval process ===== | ===== Configure the approval process ===== | ||
Line 75: | Line 80: | ||
idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false | idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false | ||
</ | </ | ||
- | | + | |
+ | ==== Configure password reset for all systems including IdM ==== | ||
+ | Please try check you project if you want reset password to all connected systems including CzechIdM after user's state will be evaluated from disable state to enabled state. This change is processed by processor **IdentitySetPasswordProcessor (acc-identity-set-password-processor)**. You can disable it by configuration property or GUI agenda of processors (it is equivalent). | ||
===== Schedule the tasks ===== | ===== Schedule the tasks ===== | ||