If you want to learn the basics of how to connect to UMRA with its COM object, please see my original post, “Basics of UMRA COM”.
UMRA – SSRPM Web Portal Integration
In my previous blog post I talked about a product from Tools4ever called Self Service Password Reset Manager, SSRPM for short. Some of the clients I’ve built UMRA Portals for are also running SSRPM for users in their Active Directory environment, and they ask for the functionality that SSRPM provides through its admin console to be available to delegated users in their UMRA Portal, without giving these users any elevated rights in Active Directory. There is additional functionality within the SSRPM admin console that we can integrate into the UMRA Portal, such as unlocking/locking an account, viewing blocked time and blocked count, and any other piece of data in the admin console. However, in this post I will focus on just searching for a user in Active Directory and creating a simple hyperlink to pull back the selected user's challenge and response questions and answers. Some of you might be asking how this can be useful and help your environment. You now have a way for the Help Desk to search for a user through your UMRA Portal and locate a user by id, accountname, employee number, displayname etc. They can retrieve the user's SSRPM questions, maybe ask the user these questions, and if the user answers them correctly, proceed with a specific action such as updating an Active Directory account, resetting a password etc.
UMRA – SSRPM Web Portal Integration Walkthrough
I will keep this a very high-level overview, since there are a lot of moving parts when integrating multiple Tools4ever products. If you haven’t read the post on how to do a simple search and loop through a UMRA data table, read it first: UMRA COM Object – Loop Through Data Table
http://umratips.blogspot.com/2009/04/umra-com-object-loop-through-data-table.html
Tip: For this to work you need to make sure your passwords are stored without encryption.
Now that we have our simple search page working, when you write out the results, render the samaccountname or, even better, the user's canonicalname as a JavaScript link that calls a function named getssrpmdetails(usercn), passing it one argument: the user's canonicalname. The SSRPM database stores the user's canonicalname when a user is enrolled into SSRPM, so we can now do a simple search on your Access or MSSQL database, depending on how you have your SSRPM configuration set up. The query to get the user by canonical name is quite complex. However, to get this query, or any other query that updates or inserts a record in the SSRPM database, simply run MSSQL Query Analyzer and watch which queries are called during that action. Once you’ve obtained your query, use it in your AJAX page to display the user's questions and answers back to the page. Some of you might be asking what happens if the user is not enrolled in SSRPM. Simple: check the results the query brings back, and if the user is not enrolled, just display a message on your page saying so. And just like that, you now have a UMRA Portal integrated with Self Service Password Reset Manager. Below are a few screen shots of how I did this integration.
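The result link and the getssrpmdetails(usercn) call described above, as an added example that is not code from the original post. It assumes a hypothetical AJAX page named ssrpmdetails.asp, a usercn query parameter, an element with id ssrpm-details, and a JSON response of the form { enrolled, questions: [{ question, answer }] }; none of these names come from UMRA or SSRPM.

```javascript
// Added example. Assumed names: ssrpmdetails.asp, usercn, #ssrpm-details, JSON shape.

// Escape text before placing it in HTML or in an attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Search-result link: the canonical name rides in a data attribute instead of
// being concatenated into an inline onclick string, so quotes in a name stay data.
function resultLink(user) {
  return '<a href="#" class="ssrpm-link" data-usercn="' +
    escapeHtml(user.canonicalName) + '">' + escapeHtml(user.displayName) + "</a>";
}

// URL of the AJAX page; encodeURIComponent keeps "/", "&" and spaces in the
// canonical name from altering the query string.
function ssrpmDetailsUrl(usercn) {
  return "ssrpmdetails.asp?usercn=" + encodeURIComponent(usercn);
}

// Turn the AJAX response into markup, covering the not-enrolled case.
function renderSsrpmDetails(payload) {
  if (!payload || !payload.enrolled || !Array.isArray(payload.questions) ||
      payload.questions.length === 0) {
    return "<p>This user is not enrolled in SSRPM.</p>";
  }
  const rows = payload.questions.map((q) =>
    "<li><b>" + escapeHtml(q.question) + "</b>: " + escapeHtml(q.answer) + "</li>");
  return "<ol>" + rows.join("") + "</ol>";
}

// Takes the one argument from the post; fetchFn is injectable for testing.
async function getssrpmdetails(usercn, fetchFn = fetch) {
  const res = await fetchFn(ssrpmDetailsUrl(usercn), { credentials: "same-origin" });
  if (!res.ok) return "<p>SSRPM lookup failed (HTTP " + res.status + ").</p>";
  return renderSsrpmDetails(await res.json());
}

// Browser wiring (skipped outside a browser): one delegated click handler.
if (typeof document !== "undefined") {
  document.addEventListener("click", async (e) => {
    const link = e.target.closest("a.ssrpm-link");
    if (!link) return;
    e.preventDefault();
    const html = await getssrpmdetails(link.dataset.usercn);
    document.getElementById("ssrpm-details").innerHTML = html;
  });
}
```

The AJAX page should bind usercn as a query parameter rather than concatenating it into the captured SQL text, and should check that the caller is a delegated Help Desk user before returning answers.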