Enable Configuration to Create Sponsored Accounts
There are several configuration considerations that must be completed prior to enabling authorized users to sponsor an account.
Prerequisites
Configure system Roles for Sponsorship Admin and Sponsorship Sponsor.
Enable Configuration to ensure sponsored accounts are created in the appropriate OU.
Configure Sponsorship module attribute settings.
Define custom attributes and verify functionality for a new sponsored account.
Populate email addresses for authorized users to sponsor an account
Sponsorship Settings
Access the People Module from the RapidIdentity Portal.
Select My Sponsored Accounts or Other Sponsored Accounts.
Click the Settings gear in the left-hand menu items.
Click Sponsorship Settings.
Complete the information as shown below in the Sponsorship Settings General tab:
Click the browser Icon and select from the LDAP Containers for the following fields:
Placement container DN: OU, DC, DC format
Uniqueness Container DN
Sponsored Account Search Base DN
Require Email Address : Set to "True"
User Object Naming Prefix: Set the naming prefix format
From the Sponsorship Settings Attributes tab complete the following:
Use User Name In Duplicate Matching Filter: True
Click Save.
Select My Sponsored Accounts or Other Sponsored Accounts.
Click the Settings gear in the left-hand menu items.
Click Sponsorship Attributes.
Add additional specific attributes to the form that will be required for a sponsored account, as required.
Click Save.
Populate email addresses for authorized users to sponsor an account
All users that are authorized to sponsor an account must have an email address populated for their account to receive Sponsorship Account Management notifications.
Edit the Administrator email address through Delegations, Refer to Edit a Delegation for additional information. If the email address is not available, update the Delegations Profile to show in the list:
From the People module, select Settings, Delegations.
Select the My Profile from the Delegations workspace and click Details.
From Edit Delegation, click Attributes.
From the Attribute Map, select to Edit the "Email" attribute.
Note
The user that is assigned the email address is the Sponsor of the accounts.
Select to Allow Editing and Show In List checkboxes.
Click Update to return to the Attribute Map. Click Update again to return to the General tab.
Click Save.
Note
Once sponsored accounts are set up, an administrator will still need to create additional delegations. For managing certain aspects of sponsored accounts, see Delegations .
Other Considerations
Add the users to the Sponsored Account roles and ensure that the settings are synchronized in the Roles Module. Setting up Auto-synchronization in production environments will prevent individual syncing of the roles.
When logging in to the portal as a sponsored account the Administrator would set the Password Policy Manager to use a role-based policy for Sponsored Accounts, as well as the Sponsored Account Password Policy.
In the Active Directory Users and Computers Attribute Editor Properties, check the date start and end dates for the user.
Set up Appliance SMTP configurations.