User creation wizard

6.3. User creation wizard#

For quick user account creation, functional administrators can use the user creation wizard. For information about the wizard, see User creation wizard in Nubus Manual 1.x [4]. This page addresses administrators on configuring the user creation wizard, which requires changes to the system.

6.3.1. Require primary email address in user creation wizard#

When activated with the value true, the User creation wizard requires functional administrators to provide a primary email address for a user account. To activate this requirement, apply the following steps on the Primary Directory Node of your Nubus for UCS installation:

  1. Set the UCR variable directory/manager/web/modules/users/user/properties/mailPrimaryAddress/required to the value true.

  2. To apply the changes, you need to restart the UMC Server as described in Restart the UMC server.

6.3.2. Deactivate user creation wizard#

To deactivate the user creation wizard in the Users management module in Nubus for UCS, use the following steps:

  1. Set the UCR variable directory/manager/web/modules/users/user/wizard/disabled to the value true.

  2. To apply the changes, you need to restart the UMC Server as described in Restart the UMC server.

6.3.3. Control account properties for user setup#

The user creation wizard provides the following additional properties to control user account setup.

Invite user via e-mail. Password will be set by the user

If you activate this checkbox, the wizard replaces the password input fields with an input field where you enter an email address. Upon user creation, the Management UI sends an invitation email containing a link where the user can set their password.

The wizard also deactivates the properties User has to change password on next login and Override password check, which remain visible but functional administrators can’t change them. The link in the invitation email directs the user to the User Self Service where they must define a password that meets the defined password quality rules.

User has to change password on next login

If you activate this checkbox, the user must change their password on the next sign-in.

Override password check

If you activate this checkbox, the Directory Manager skips the password quality and minimum password length checks.

Account disabled

If you activate this checkbox, the Directory Manager creates the user account in a deactivated state that prevents the user from signing in.

You can use this property to prepare a user account in advance and activate it when ready.

To configure whether the wizard shows these properties, and define the properties’ default values, use the following steps:

  1. Configure the UCR variables. Limit the configuration to those properties that you actually need. Each property has the following attributes:

    visible

    Set the attribute to true to show the checkbox for the property. When unset or set to false, the Management UI hides the checkbox. Possible values are true and false.

    default

    Sets the default value for the property. Defaults to false. Possible values are true and false.

    Example

    To activate the checkbox to invite users through email, set the following UCR variables:

  2. To apply the changes, you need to restart the UMC Server as described in Restart the UMC server.

6.3.4. Restart the UMC server#

For some configuration changes to take effect, you must restart the UMC server. To restart the UMC server, use the command in Listing 6.6.

Listing 6.6 Restart the UMC Server on Primary Directory Node#
$ service univention-management-console-server restart

Caution

UMC Server instances generate and maintain the user session. Only the generating instance knows about the user session. Any requests in the context of the user session need to use that UMC Server instance.

However, if you restart individual UMC Server instances users whose session belongs to the affected UMC Server instances lose their user session.

On this page