Share via

ILM "2" Beta 3 Portal Configuration

  • Article

The layout and design of the Microsoft® Identity Lifecycle Manager "2" (ILM "2") Web Portal can be easily customized and configured to better match your particular work environment. By customizing configuration objects in the Web portal, you can:

  • Change the wording and logo on the banner
  • Add, modify, or delete items on the navigation bar
  • Add, modify, or delete items on the home page
  • Add, modify, or delete Search Scopes, including Search Scopes that include your custom objects

What This Document Covers

This document covers the steps necessary to modify the banner layout, add items to the navigation bar, add an item to the home page, and create a new search scope.

Prerequisite Knowledge

This document assumes that you have a basic understanding of the ILM “2” Web portal.

Audience

This document is intended for IT planners, systems administrators, architects, technology decision-makers, consultants, infrastructure planners, and IT personnel.

Time Requirements

The procedures in this document will take about 2 hours to complete.

Scenario Description

Fabrikam, a fictitious corporation, wants to customize the Web portal so that the company name appears on the banner. They also want to add a custom object, “Computer”, to the navigation bar, and be able to easily add a computer object as a group member. Lastly, they would like to customize the home page to better suit the administrators.

Testing Environment

To perform the procedures in this document, your environment should have the following characteristics:

  • A server computer that is a member of the Fabrikam forest and hosts the ILM “2” server components.
  • A custom object named Computer, with at least two instances created. For more information on creating a custom object, see the ILM “2” Schema UI Step-by-Step guide in the ILM “2” documentation set.

Implementing the Procedures in This Document

In this section, you will perform four procedures:

  • Modify the banner using the Portal UI Configuration object
  • Add a new item to the navigation bar using Navbar Configurations
  • Modify the layout of the home page using Home Page Configurations
  • Create a new search scope that exposes the custom object “Computer”.

Modify the Banner

The Web Portal banner contains the text and graphics that appear at the top of every page in the Web Portal. In this procedure, you will modify the text, and optionally the graphics, of the banner.

To modify the banner

  1. Log on to the ILM "2" Web portal as Administrator.

  2. On the ILM “2” home page, under Administration, click All resources.

  3. In the list of resources, click Portal UI Configuration.

  4. On the Customized Objects page, click Portal UI Configuration.

  5. Click the Extended Attributes tab.

  6. In Branding Center Text, type Fabrikam Identity Management Portal.

  7. Optionally, to change the image on the right side of the banner, in Branding Right Image, replace the default URL ~/_layouts/images/MSILM2/ILM2blocks.gif with a different image, ~/_layouts/images/MSILM2/newevent.gif

  8. Click OK, then click Submit.

  9. To verify the changes, press F5 to refresh the page.

    Note

    By default, ILM “2” will refresh the configuration changes within 10 minutes. To force an immediate refresh, click Start, click Run, type iisreset, and click OK. Then press F5 to refresh the page.

Add an Item to the Navigation Bar

The Navigation Bar is the vertical menu on the left side of the Web Portal. In this procedure, you will add an item to the Navigation Bar named “Computers”, which will display all computer resources.

The display order of items in the Navigation Bar is determined by two properties in every navigation bar configuration – Parent Order and Order. A lower value in the Parent Order puts it higher in the Navigation Bar. For example, in the default ILM “2” installation, the ILM Home navbar configuration specifies a Parent Order of 0, ensuring that it is at the top of the Navigation Bar.

The Order property specifies whether the item is a parent or child. For example, in the default ILM “2” installation, the Distribution List navbar configuration will have a Parent Order of 1, which ensures it will appear after the ILM Home item, and an Order of 0, which means it will appear as a parent item. The My DLs navbar configuration will also have a Parent Order of 1, and an Order of 3, which specifies that it displays under Distribution List and appears 3rd in the list.

Note

Be sure you have created the custom Computer object, and have created instances. See Testing Environment earlier in this document.

To add an item to the navigation bar

  1. From the home page, under Administration, click All Resources.

  2. In the list of resources, click Computers.

  3. On the Customized Objects – Computer page, copy the full URL. This will be the target of the new navigation bar item.

  4. Click ILM Home, then under Administration, click Navbar Configurations. Note that each item in the Navigation Bar has a corresponding navbar configuration.

  5. Click New. In Display Name, type Computers. In Usage Keyword, type BasicUI, then click Next.

  6. In Parent Order, type 10. In Order, type 0, then click Next.

    Note

    The high number of the parent order ensures it will appear at the bottom of the navigation bar, and the order number of 0 specifies that it is a parent item.

  7. In Navigation URL, paste the URL that you copied from the Computer resource page.

    Important

    The URL must be expressed as a relative path, for example ~/identitymanagement/aspx/customized/CustomizedObjects.aspx?type=Computer&display=Computer

  8. Click Next, then click Submit.

  9. To verify the changes, press F5 to refresh the page.

    Note

    By default, ILM “2” will refresh the configuration changes approximately every 10 minutes. To force an immediate refresh, click Start, click Run, type iisreset, and click OK. Then press F5 to refresh the page.

Using Keywords in Configuration Objects

In the previous procedure, you included the UsageKeyword BasicUI as one of the attribute values. UsageKeywords in configuration objects are used in conjunction with Sets and Management Policy Rules as a convenient mechanism to control permissions to an object. For example, adding the UsageKeyword BasicUI to a configuration object puts it in a Set of objects that, by definition of a Management Policy Rule, all users can read.

UsageKeywords are also used in Search Scope configurations to determine on which Web Portal pages the Search Scope is available. For more information, see Creating a Search Scope later in this document.

UsageKeywords can also be defined by the user. To demonstrate, in the following procedure you will restrict access to the Security Group navigation bar item by:

  • Adding a custom UsageKeyword SG to the Security Groups navigation bar object.
  • Creating a Set, Security Groups UI whose members are navigation bar objects with the SG UsageKeyword.
  • Creating a Set of users Security Group Administrators, and a Management Policy Rule that allows users in the IT Department Set to read objects from the Security Groups UI Set.

To use UsageKeywords to control permissions for UI Configuration Objects

  1. Log on to the Web portal as Administrator.

  2. Under Administration, click Navbar Configurations.

  3. Click Security Groups.

  4. In UsageKeywords, type SG.

  5. Click OK, and click Submit.

  6. Repeat steps 3 through 5 for each of the following navigation bar objects:

    • My Groups
    • My Memberships
    • All Security Groups

  7. In the navigation bar, in Management Policies, click All Sets.

  8. Click New.

  9. In Display name, type Security Group UI, and click Next.

  10. Select Enable dynamic membership in current set.

  11. Click all objects, and select all navigation bar configurations.

  12. Click Add Statement, click Click to select attribute, then select UsageKeyword.

  13. Click click to select value, type SG, then click Membership Preview.

  14. Verify that Security Groups is displayed in the list, click Finish, then click Submit.

  15. On the All Sets page, click New.

  16. In Display name, type Security Group Administrators, and click Next.

  17. Leave the Dynamic Membership page blank, and click Next.

  18. In Static Members, click the browse button on the right, select some users to be Security Group Administrators, and click OK.

  19. Click Finish, then click Submit.

  20. Click ILM Home, then under Administration, click Management Policies.

  21. Click New.

  22. In Display name, type Security Group Administrators can read Security Group UI.

  23. Select Grants permission, and click Next.

  24. In Operation, select Read.

  25. In Requestors, select Specific Set of Users, click the browse button to the right, and select Security Group Administrators.

  26. Click Next.

  27. In Target Resource Definition, select Specific Set of Objects, click the browse button to the right, and select Security Groups UI.

  28. Click Next.

  29. Leave the Condition After page blank, and click Next.

  30. Click Submit.

To verify the scenario

  1. Refresh the configuration by running iisreset.

  2. Login as a member of the Security Group Administrators.

  3. Verify that you can see the changes in the UI.

Modifying the Home Page

In this procedure, you will add a new link to the Search Requests page on the Home Page.

The display order of items on the Home Page works the same way that is does in the Navigation Bar, using the Parent Order and Order properties. Additionally, every home page configuration has a Region property which determines where on the home page the item is displayed. For example, in the default ILM “2” installation, Distribution Lists appears in the Central Region, with a Parent Order of 1, and an Order of 0. The About ILM “2” item appears in the Right Region, with a Parent Order of 2, and an Order of 1.

To add a new item to the home page

  1. From the home page, under Requests and Approval in the navigation bar, click Search Requests.

  2. Copy the URL of the Search Requests page.

  3. From the home page, under Administration, click Home Page Configurations.

  4. Click New.

  5. In Display Name, type Search Requests, and click Next.

  6. In Region, select Central region of home page.

  7. In Parent Order, type 4, in Order type 3, then click Next.

  8. In Navigation URL, paste the URL of the Search Results page that you copied in the earlier step.

    Important: The URL must be expressed as a relative path, for example ~/IdentityManagement/aspx/requests/SearchRequests.aspx

  9. Click Next, then click Submit.

  10. To verify the changes, click ILM Home.

Creating a Search Scope

A search scope is a customized configuration object in ILM “2” that provides a filtered object view from the Search Within: list box on the Web Portal pages. A search scope can consist of:

  • A display name
  • A set of UsageKeywords - UsageKeywords determine on which Web Portal pages the search scope will be available, and may also determine which users see the search scope in the dropdown list.
  • Order – Similar to the navigation bar and home page, the Order determines where the search scope appears in the drop down list.
  • Filter – An XPath expression to define which resources are returned.
  • Type of object to be returned.
  • List of attributes to be displayed.

The Web Portal uses UsageKeywords as a way to determine which Search Scopes are displayed on each page, when that page loads. For example, any Search Scope with the UsageKeyword Global will appear in the Search within: drop down list on the Home Page only. Search Scopes may also contain multiple UsageKeywords. For example, any Search Scope with the UsageKeywords Global and AllDls will appear in the Search within: drop down list on the Home Page and on the Distribution Lists page.

Most UsageKeywords are based on object type, as in the following examples:

UsageKeyword

Placement in Web Portal

Group

Member selection page for Groups and Distribution Lists

Person

Creating a new user page

Set

All Sets page

Schemaobject

Schema Management page

Searchrequests

Search Requests page

In the following procedure, you will create Search Scope to make All Computers available when selecting group members.

To create a search scope

  1. From the home page, under Administration, click Search Scopes.

  2. On the Customized Objects – Search Scope Configurations page, click New.

  3. In Display Name, type All Computers.

  4. In Usage Keywords, type Group.

  5. In Order, type 99, and click Next.

    Note: Setting the Order to 99 will ensure that All Computers will appear at the bottom of the drop down list.

  6. In Attribute Searched, type DisplayName.

  7. In Filter, type /Computer.

  8. To preview the search results, press F5 to refresh the page, then click Next.

  9. In Result Object Type, select Computer.

  10. In Data Returned, type DisplayName.

  11. Click Finish, then click Submit.

To verify the search scope

  1. Click Start, click Run, type iisreset, and click OK. Then press F5 to refresh the page.

  2. In the Navigation Bar click All Groups.

  3. Click New.

  4. In Display Name, type Search Group. In Account Name, type SearchGroup, then click Next.

  5. From the Search within: drop down list, select All Computers.

  6. Select one or more computers, then click Finish, and click Submit.

Summary

After completing the steps in this guide, you have seen how to customize the Portal banner, modify the Navigation Bar, arrange the Home Page layout, and create custom Search Scopes. As a next step, see the ILM “2” Beta 3 Object Visualization Configuration guide in the ILM “2” documentation set for further information about customizing the Web Portal.