User creation wizard

5.2. User creation wizard#

The user creation wizard streamlines account creation for functional administrators by requiring only essential user information. After reading this page, you know how to create user accounts quickly, configure password options including email invitations, and customize the wizard’s behavior for your environment. The user creation wizard is part of the Users management module in the Management UI.

To create a user account through the user creation wizard, use the following steps:

  1. To open the wizard, open the Users module and click Add. Select a user template or keep the selection at None. Click Next.

  2. Provide values for the mandatory fields Last name and User name. Fill in the optional fields as you like, and as shown in Fig. 5.1. Click Next.

    Add a user in the Users management module

    Fig. 5.1 Add a user through the user creation wizard in the Users management module#

  3. Define a user password or activate the proper checkboxes. Besides defining a user password, you can activate the following options for the password of a user account:

    Invite user through email

    Instead of defining a user password, you provide an email address for the user, and Nubus sends an email invitation with a link to set the password.

    If you want your users to define their password themselves, continue at Users define their password themselves.

    Deactivated account

    You provide a user password. However, Nubus deactivates the user account and therefore no sign-in is possible with the account.

    Additionally, the UCS appliance offers the following options:

    User has to change the password on next sign-in

    You provide a user password. Upon the user’s next sign-in to Management UI, the Keycloak, or a Microsoft Windows client joined to the domain of UCS appliances, the sign-in process asks the user the change their password.

    Override password check

    Allows to set a password. Recommendation: use this option together with requiring the user to change their password on next sign-in.

  4. To provide more attributes for the user account than the wizard requests, click Advanced and continue with Advanced user account settings in the Users management module.

  5. To save the user account, click Create user.

5.2.1. Deactivate user creation wizard#

You can deactivate the user creation wizard. Use the following steps depending on your installation.

To deactivate the user creation wizard in the Users management module on the UCS appliance, apply the following steps to every UCS appliance system in your UCS domain:

  1. Set the UCR variable directory/manager/web/modules/users/user/wizard/disabled to the value true.

  2. Restart the univention-management-console-server.

To deactivate the user creation wizard in the Users management module in Nubus for Kubernetes, use the following steps:

  1. Add the global.configUcr.directory.manager.web.modules.users.user.wizard.disabled Helm Chart variable to your custom_values.yaml values file and assign the value true.

  2. To activate your changes, update your Nubus installation through helm by following the steps in Apply configuration in Univention Nubus for Kubernetes - Operation Manual [1].

  3. To apply the changes, you need to restart the UMC Server pod as described in Restart UMC Server pod in Univention Nubus for Kubernetes - Operation Manual [1].

5.2.2. Primary email address in user creation wizard#

If you want to define the user’s primary email address in the user creation wizard, you can activate the proper field in the wizard. Depending on your installation, you need to use the following steps.

Apply the following steps to every UCS appliance system in your UCS domain:

  1. Activate the field by setting the UCR variable directory/manager/web/modules/users/user/properties/mailPrimaryAddress/required to the value true.

  2. Restart the univention-management-console-server.

Apply the following steps to your Nubus for Kubernetes installation:

  1. Add the global.configUcr.directory.manager.web.modules.users.user.properties.mailPrimaryAddress.required Helm Chart variable to your custom_values.yaml file and assign the value true.

  2. To activate your changes, update your Nubus installation through helm by following the steps in Apply configuration in Univention Nubus for Kubernetes - Operation Manual [1].

  3. To apply the changes, you need to restart the UMC Server pod as described in Restart UMC Server pod in Univention Nubus for Kubernetes - Operation Manual [1].

The user creation wizard then asks for the user’s primary email address, as shown in Fig. 5.2.

Require setting the user's primary email address in the wizard

Fig. 5.2 Require setting the user’s primary email address in the wizard#

5.2.3. Users define their password themselves#

As an alternative to the administrator defining the password during user creation in the user creation wizard, the user may set their password themselves. You need to define their external email address.

To define an external email address, open the Advanced user account settings, click the tab Contact and provide an external email address in the field E-mail address. The End User Self Service sends an email to the user’s external email address with a link and a token. The user can use the link to set their initial password and unlock the user account, as you can see in Fig. 5.3. For more information, refer to Password management via Self Service app.

To enable users to set their user password themselves, you need to install the Self Service app to the UCS domain through the App Center.

Nubus for Kubernetes has the End User Self Service installed by default.

Initial user password

Fig. 5.3 Initial user password#