6. Identity and Access Management

This chapter covers Identity and Access Management (IAM) configuration tasks for technical administrators in Nubus for UCS. It addresses how users authenticate, how administrators govern passwords, how they structure and synchronize groups, and how they create user accounts.

Password management

Configure password policies that control password length, complexity, history, and age. Nubus for UCS supports two policy systems—UDM and Samba domain— which Univention recommends keeping aligned in Samba-enabled domains. This section covers the End User Self Service, which lets users manage their own contact information, register, and reset their passwords. See Password management.

Group management

Create and manage groups in your Nubus for UCS domain, including nested groups, group caching, and Active Directory group synchronization. See Group management.

User creation wizard

Configure the user creation wizard for functional administrators, including requiring a primary email address, controlling which account properties appear, and deactivating the wizard when you don’t need it. See User creation wizard.

Contents

• 6.1. Password management
  • 6.1.1. Password policies
    • 6.1.1.1. Password policy types
    • 6.1.1.2. Change the user password
    • 6.1.1.3. Password policy settings
  • 6.1.2. Samba domain password policy
  • 6.1.3. End User Self Service
    • 6.1.3.1. Installation and activation
    • 6.1.3.2. Contact information
    • 6.1.3.3. User registration
      • 6.1.3.3.1. Registration form
      • 6.1.3.3.2. Email verification
      • 6.1.3.3.3. Account activation
    • 6.1.3.4. User deregistration
      • 6.1.3.4.1. Deregistration request
      • 6.1.3.4.2. Account cleanup
• 6.2. Group management
  • 6.2.1. Group creation and assignment
  • 6.2.2. Nested groups
  • 6.2.3. Group caching
  • 6.2.4. Active Directory group synchronization
  • 6.2.5. Group overlay module
• 6.3. User creation wizard
  • 6.3.1. Require primary email address in user creation wizard
  • 6.3.2. Deactivate user creation wizard
  • 6.3.3. Control account properties for user setup
  • 6.3.4. Restart the UMC server