Use the PeopleUpdate Administration Console Attributes configuration page to indicate which attributes are available on a particular tab. You can also set display properties about attributes that determine how they behave and render in the Search Console.
You must have administrative access to the PeopleUpdate Administration Console to modify the attribute configuration for a tab.
Log in to the Administration Console. Click here for more information about logging into the Administration Console.
Click Attributes in the left navigation bar in the Tab Configuration section.
You can easily add attributes to the configuration and then make those attributes available for searching, displaying in results or editing.
|
Alias |
Specifies a friendly display name users will see for the attribute in Search Console pages |
|
LDAP Name |
Designates the Active Directory LDAP name (displayname attribute) for the attribute |
Navigate to the Administration Console’s Attributes page.
Select the tab to which you want to add the new attribute.
Enter a friendly display name in the Alias field and the Active Directory name for the attribute in the LDAP Name field.
Click Add Attribute to add the attribute to your PeopleUpdate attribute configuration for the current tab.
You can configure an attribute to use secondary pages for attribute editing, including both a search and summary page. Secondary pages are useful for attributes stored by distinguished name (DN), including Assistant, Manager, Groups, Group Members, and Secretary. Clicking the search icon next to the attribute on the PeopleUpdate edit page will open the specified secondary pages for searches and summary results.
Note: If you do not specify a secondary search page, the search and summary results page from the task item will be used.
Log in to the Administration Console. Click here for more information about logging into the Administration Console.
Click Attributes in the left navigation bar in the Tab Configuration section.
Edit the attribute for which to set secondary pages.
Choose the appropriate Secondary Search and Summary Page for your needs. See the Secondary Pages property documentation for more information.
Save the change to the attribute.
Change the properties of attributes in your configuration to specify exactly how you want attributes to behave for a tab. You will most often set up list choices, access control list and editing input masks using this procedure.
|
Alias |
Specifies a friendly display name that users will see for the attribute in Search Console pages |
|
LDAP Name |
Designates the Active Directory LDAP name (displayname attribute) for the attribute |
|
Deny Wildcard |
Enforces a global denial for using wildcarding while searching. Items that have Store as DN checked automatically set themselves to deny wildcarding since an attribute stored by its distinguished name cannot be wildcarded in a search. |
|
Store by DN |
Ensures the attribute you are configuring is searched in the directory using its distinguished name. PeopleUpdate automatically performs a second search on all items stored by distinguished name and returns the LDAP cn attribute to display as the friendly name. |
|
Access Control List |
Specifies the access control list (ACL) to use to secure who can edit the attribute. Use the drop-down list to select an access control list to apply to the attribute. You can create new access control lists on the Security page. Note: You cannot set an ACL for the "c" and "countryCode" attributes since these are special attributes used in conjunction with the "co" attribute that updates a user's country based upon the ISO-3166 standard. You may only set an ACL for the "co" (Country Name) attribute using PeopleUpdate. |
|
List Choices |
Displays the items currently in the list and allows you to add new items to the list. When you add new items, set the Display Text to the text you want to show in the list. Set the Search Filter to the actual search filter you want to match for the attribute. You can leave this value blank if you want to search using the Display Text. For example, you can set the Department attribute's choice list Display Text to "HR" while setting the Search Filter to "ldap:(|(HR*)(Human Resources*))" and this would cause PeopleUpdate to search for a match for either HR or Human Resources, not just HR. Note that using the "ldap:" text before the search filter allows you to input a complete LDAP search filter to use for searching. PeopleUpdate allows you to configure a Stored Value setting that is different from the Display Text and Search Filter values. The Stored Value designates the actual text value to store in Active Directory when an attribute value is updated using a PeopleUpdate choice list. This functionality allows you to support, among other scenarios, a multi-lingual environment where the AD value is stored in one language but the Display Text can be a different language to show in each tab. You may use the Show Active Directory values not in list on Search Console Edit pages check box to show Active Directory values that are not in a choice list when on the Edit page updating a choice list value. This adds the value not in the list to the list so that a user can update the data to the same value. For example, if your Department attribute choice list contains four values, HR, IT, Marketing and Sales, this option would show an additional item called Accounting when editing a user who's department is set to Accounting in Active Directory. Note: The Show Active Directory values not in list on Search Console Edit pages check box only shows in the List Choices options when you have added at least one item to the list. You can also set the default selected item or delete an item from the list. |
|
List Preview |
Displays the list choices in a drop-down list |
|
Enable Input Mask |
Click the checkbox to enable an input mask for users when editing attributes. Note: Enabling the input mask can only be done if there is no drop-down list present. You must delete each item from the drop-down list from List Choices before the Enable Input Mask checkbox is enabled. |
|
Input Mask |
Input mask to be used on the edit page 0 Digit (0 through 9, entry required; plus [+] and minus [-] signs not allowed). 9 Digit or space (entry not required). # Digit or space (entry required). L Letter (A through Z, entry required). ? Letter (A through Z, entry optional). A Letter or digit (entry required). a Letter or digit (entry optional). & Any character or a space (entry required). C Any character or a space (entry optional).
. , : ; - / Decimal placeholder and thousands, date, and time separators. (The actual character used depends on the regional settings specified in Microsoft Windows Control Panel.)
< Causes all characters that follow to be converted to lowercase.
> Causes all characters that follow to be converted to uppercase.
\ If in front of any character appears the "\" (escape) character, then that character becomes the literal part of mask. For example, if mask is set to the "A\AB\B\\\##\99" and control has no data, then text in edit mode will appear as "_ABB\#_9_". Where the "_" are available positions for entry Note:
The following table shows some useful input mask definitions and examples of values you can enter into them. (000) 000-0000 (206) 555-0248 (000) AAA-AAAA (206) 555-TELE |
|
URI Configuration |
Render E-Mail Addresses as Linkable: Controls the link behavior of e-mail address values for this attribute. Default inherits the global value set on the Branding page. True overrides the global settings and always renders e-mail addresses as links. False overrides the global settings and never renders e-mail addresses as links. Render URIs as Linkable:Controls the link behavior of Universal Resource Indicator (URI) values for this attribute. Default inherits the global value set on the Branding page. True overrides the global settings and always renders URIs as links. False overrides the global settings and never renders URIs as links. URI Target: Specifies the target for URIs rendered as links for this attribute and overrides the global value set on the Branding page. You can use the default HTML options of "_blank," "_parent," "_self" or "_top." You may also enter a name for a window and all links for this attribute will target the same new window. |
|
Text Box Configuration |
Default width of the edit text box for this attribute. Overrides the global value set on the Branding page |
|
Secondary Pages |
You can set secondary search pages to change the search page behavior for Active Directory attributes stored by distinguished name (DN). If you do not set secondary pages, the search and summary results pages from the task item are used instead. Secondary Search Page: Set the secondary search page that you want to display when this distinguished name attribute is edited. This page will pop up when the search icon is clicked on the edit page. Secondary Search Page: Set the secondary summary page that you want to use to display results when a secondary page search executes. |
Navigate to the Administration Console’s Attributes page.
Select the tab that contains the attribute configuration you want to edit.
Click Edit next to the attribute you want to modify and you will enter edit mode for the attribute.
Make any changes you'd like to the attribute, including setting the alias and name, wildcarding, access control lists, editing input masks and list choices.
Click Save to update the attribute configuration changes. Click Cancel to revert your edit mode changes without saving.
Note: Any changes you save for an attribute automatically update throughout the application for all pages.
You can control group membership using two attributes in PeopleUpdate. These attributes include the memberOf and member attributes (LDAP names), which correspond to the user and group object types, respectively. You control membership from the user side using the memberOf attribute and membership from the group side using the member attribute. If you apply an access control list that allows users to access either of these attributes, the PeopleUpdate edit page interface will render a search icon for the attribute and allow users to modify membership by looking up groups or users.
Note: When modifying group membership from the group side, you must ensure that groups are searchable and returned in your search results so you can manage them. To do this, you typically modify the Default Search Filter on the Directory configuration page to something like "(|(objectcategory=person)(objectcategory=group))," which returns all users and groups. Optionally, you can change the filter to only return groups.
Finally, you can easily enable group management from the user side by setting an ACL for the memberOf attribute and putting the attribute on the edit page. This will allow authorized users to change group memberships for individual users by editing the user's account.
To delete an existing attribute, click the X in the right column of the attribute you want to delete. After you confirm this operation, it deletes the attribute and any references to it in the remainder of the application, including search and results pages.
You can control access to account management features available on a tab by changing the access control lists that apply to account management operations.
|
SetPassword |
ACL applied here controls who has access to set passwords on user accounts |
|
EnableAccount |
ACL applied here controls who has access to enable or disable user accounts |
|
UnlockAccount |
ACL applied here controls who has access to unlock locked out user accounts |
|
ChangePassword |
ACL applied here controls who has access to change passwords on user accounts |
You can control access to object provisioning features available on a tab by changing the access control lists that apply to these operations. This specifically applies to giving users the ability to delete objects from the directory.
Warning: This is a very powerful feature that absolutely deletes an object from the directory and use care when assinging access control lists to this feature.
|
DeleteObject |
ACL applied here controls who has access to delete objects on the tab; this applies to all objects accessible on the tab, except when you use the special SELF and MANAGER access control entries |