Managing Personas
Personas are special representations of users, so we recommend reading the section "Managing Users" to become familiar with the user management tasks that also apply to personas. The following user functionality also applies to personas:
-
Personas may have privileges (roles, permissions, groups) assigned that are maintained by the same processes as for users.
-
The privilege resolution process also applies to personas, resulting in creation of accounts and group assignments.
-
Personas have the same states as users, but their life-cycle is controlled by the related user’s life-cycle.
The following sections describe special aspects of persona management, including:
-
Where to locate personas in the user tree.
-
How to manage personas.
-
How to work with persona states.
-
How to work with links at persona entries.
Locating Personas
Persona objects reside under the cn=Users subtree, where they are mixed with user objects and functional users that also populate this subtree.Although you are allowed to locate a persona object anywhere in the cn=Users subtree, we recommend locating a persona object in the same folder as its corresponding user object, because it is tightly linked to its related user and cannot exist without it.
Working with Personas
Working with personas consists of the following tasks:
-
Viewing persona properties
-
Adding personas to the Identity Store
-
Deleting personas from the Identity Store
-
Changing the attributes of existing personas
When DirX Identity masters the persona data, you use DirX Identity Manager to perform these tasks by hand.
Viewing Personas with DirX Identity Manager
When you log into DirX Identity Manager and then select Users from the view bar, DirX Identity Manager displays a hierarchical tree of the users, personas and functional users that you are allowed to manage in the left-hand pane.
Users, personas and functional users are distinguished in the user tree by their different icons, as shown in the following figure:
To view the properties of a persona, click its entry in the tree. It is displayed in the same tabs as a user.
If a persona is not in the ENABLED state, its current status is displayed in brackets at its entry. For more information about persona states, see the section "Persona States" in the section "Managing States" in the chapter "Managing Provisioning" and the section "Working with Persona States".
Adding Personas with DirX Identity Manager
To add a new persona with DirX Identity Manager:
-
Click a user folder in the Users subtree or click the top-level Users folder. When adding a persona, we recommend adding it to the folder that contains the user to which the persona belongs.
-
Select New -> Persona in the context menu. The General tab is displayed for editing, and the mandatory attributes for a user (the user’s common name (cn) and surname (sn)) are displayed in red.
-
Click the Relationships tab and then select the persona’s owner (this is the user that is connected with the persona).
You can also use Web Center to create a persona. In Web Center, persona creation is performed by a request workflow with an activity that uses the related user as a template for creating the persona. You can configure the attributes to be copied from the owner and the location at which to create the persona. See the section "Using the Users Menu" in the chapter "Using DirX Identity Web Center" in the DirX Identity User Interfaces Guide for details.
Specifying a Persona Lifetime
When you add a new persona, you can specify a persona lifetime: a start and end date. Define the start and end dates for the persona as you would for users. However, remember that the persona’s life-cycle is related to the user’s life-cycle, so that:
-
Disabling the persona’s owner also disables the persona, unless it is in state TBDEL.
-
If the user’s state changes to TBDEL, all his related personas also change their states to TBDEL and their delete dates are set.
-
If you delete a persona, it does not affect the user’s state.
Deleting Personas with DirX Identity Manager
To delete a persona, click it and then select Delete from the menu bar or context menu.The delete process for personas is the same as for users.See the section "Deleting Users with DirX Identity Manager" for details.
Changing Persona Attributes with DirX Identity Manager
You change a persona’s attributes as you would a user’s attributes, using the same available tabs.See the section "Changing User Attributes with DirX Identity Manager" for details.
A set of persona attributes is mastered from its owner, the related user.You can’t edit these attributes at the persona, but they are automatically updated to the user’s values when the persona is saved.If an attribute that is mastered to the persona is changed during a user edit or if a state change occurs, the related personas are updated with the new values.
Working with Persona States
The DirX Identity Provisioning system recognizes the same states for personas as for users:
-
NEW - the persona has been added to the user subtree but is not yet activated.
-
TEMPLATE - the persona has been created as a persona template.
-
ENABLED - the persona has been activated (its start date has arrived).
-
DISABLED - the persona has been deactivated.All of the accounts associated with the persona are also disabled.
-
TBDEL - the persona end date has arrived, and DirX Identity has marked the persona for deletion.
The Status field in the Operational tab for a persona displays the persona’s current state.In the tree view, the current status of a persona is displayed in brackets at each persona entry if the persona is not in the ENABLED state.For detailed information about persona states, see the section "Managing States" in the chapter "Managing Provisioning".
Working with Links at Persona Entries
You can link persona entries to the same objects as user entries.See the section "Working with Links at User Entries" in the chapter "Managing Users" for details.
The owner link is of special importance for a persona: it contains the reference to its related user.