UMRA – SSRPM Web Based Employee Self Service

7:22 PM / Comments (0) / by Tech Admin

If you haven’t already download the free trial version of User Management Resource Administrator here> Download
Download Self Service Password Reset Manager SSRPM > Download

If you want to learn the basics on how to connect to UMRA with its COM object, please see my original post on “Basics of UMRA COM”.

UMRA – SSRPM Employee Self Service

Now I’ve talked about similar topics of Employee Self Service using UMRA, SSRPM or both of these together to accomplish this task. From what I’m going to talk about uses both UMRA and SSRPM together to create a very flexible and easy to manage Employee Self Service portal. When we talk about allowing users to control their information in active directory through an interface, we need to make sure we have some type of challenge and response or security wrapped around this approach. That is exactly where SSRPM comes into play, since SSRPM already has a ton of security and processes to challenge the user before either resetting there password, or even editing AD information, this will be perfect for creating our Employee Self Service. Now, where does UMRA come into play in all of this? UMRA will be used to get/set the active directory information after a user has authenticated them through SSRPM.

Now some of you might be asking yourselfs, why would we need to authenitacte through SSRPM before I let the user manage there Active Directyory Information. Simple, If a user is on an outside LAN, or logged into another domain OS/system,, this makes it almost impossible to figure out what user is trying to access there Active Directory information. So SSRPM challenge response questions fill this void, and provide the perfect solution to ensure secure user management account update transactions. Below I will talk about some very high level steps on how you would get a project like this started, and some tips that I’ve learned along the way.

UMRA – SSRPM Employee Self Service Tips

Now this is the third of fourth Employee Self Service I’ve built so I will try to start from the basics and really show you how to get something like this started. Now, keep in mind, we are going to talk about letting the user edit and control their information in Active Directory however, UMRA has the ability really to connect to any ODBC compliant database, so we can pull information from a HR, Student Information System SIS etc. Display this information to the user, and allow them to edit it.

Step 1:
Download and install Self Service Password Reset Manager SSRPM > Download
Download and install User Management Resource Administrator > Download
Configure both UMRA and SSRPM

Step 2:
Make a list of the items you want to allow your users to edit, either in Active Directory or another system.

Step 3:
You will need to edit a few pages in the SSRPM web interface, these files will vary depending on what you want to accomplish. If you want to keep the stock functionally within the SSRPM web interface, then you can add another button to the front page of the SSRPM web interface. (See the picture below to see how I added an additional option to the main screen)

Step 4:
After the user has authenticated them self’s using SSRPM challenge and response questions, you can now edit the page where they can edit and manage their attributes in Active Directory.
For my sample screen shot below, I list out the most common attributes, even allowing for the user to control who their manager is.
Tip – If you are going to allow the user to manage who their manager is you will need a mechanism that will search Active Directory and display the results in a user friendly fashion. I was able to accomplish this with AJAX and UMRA. After the user has typed in more then 4 characters, UMRA will go into Active Directory and search for matches similar to the searched criteria, and display them in a drop down, as the user types, it will continue to filter down until only 1 or no results match the criteria.

Step 5:
When the user changes an attribute, use UMRA to update these values in Active Directory. During this process, it’s a good idea to update a logging database to show time/date, action on, old attribute, and new attribute values.

I hope this helps anyone who is trying to accomplish a similar task.



Posted in:

Submit Article :- BlinkList + Blogmarks + Digg + Del.icio.us + Ekstreme Socializer + Feedmarker + Furl + Google Bookmarks + ma.gnolia + Netvouz + RawSugar + Reddit + Scuttle + Shadows + Simpy + Spurl + Technorati + Unalog + Wink

This entry was posted on 7:22 PM and is filed under . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

0 comments:

Post a Comment

 
-->