Configuring Administrative Groups - Identity and Access Management Services - 4.0 - 4.0 - Other - external

Identity and Access Management Services

Platform
Other
Product
Identity and Access Management Services
Release
4.0
License

After completing the base configuration of the Hyland IdP server, you can override and configure a new list of administrative groups for the configured tenant.

Note:

At least one administrative user or one administrative group must be assigned to the tenant to access the Hyland IdP Administration Client. For more information on adding or updating administrative users, see Configuring Administrative Users.

Configuration of administrative groups can be completed using the Hyland.Identity.Server.Initialization.dll command-line utility. Once the base configuration is completed, the graphical initialization client is inaccessible. Changes to the base configuration must be made using command-line utilities.

This section includes the instructions to use the command-line utility specifically for overriding the list of configured administrative groups for a tenant.

To reconfigure administrative users:

  1. Open a Windows command prompt with elevated administrator privileges.
    Tip:

    It is recommended to use Windows PowerShell to run command line operations.

  2. Change to the directory where the Hyland.Identity.Server.Initialization.dll is saved. In a default installation, the DLL is located in C:\Program Files\Hyland\Hyland Identity Provider Server Initialization Utility\.
  3. Type the set-admin-groups command, but do not run it yet:
    dotnet Hyland.Identity.Server.Initialization.dll set-admin-groups
  4. Append the following switches and their values to the set-admin-groups command. Be sure to enclose the values in double quotation marks.

    Switch

    Value

    --config

    The full file path of the idpconfig.json configuration file. In a default installation, the configuration file is located at:

    C:\Program Files\Hyland\identityprovider\idpconfig.json

    --tenant

    The name of the tenant used by the Hyland IdP server.

    Note:

    If your solution uses the Hyland SCIM server, the Tenant Name must match exactly the Name of the datasource configured for the connection string on the Hyland SCIM server. For example, if the SCIM datasource name is MyDBTenant then the tenant Name must also be MyDBTenant.

    --admingroups

    The user names of those authorized to make configuration changes in the IdP Administration Client.

    User names must be entered as a comma-separated list, with user names containing spaces placed in quotes. For example, if you are entering the user names of manager, John Doe, and user1, they must be entered as manager, "John Doe", user1

    Note:

    The --admingroups command line switch can be run multiple times to edit the list of administrative groups. Every time the command line switch is run, the previous administrative group entries are replaced with the new administrative group entries.

    For example, a completed set-admin-groups command may look like this:

    dotnet Hyland.Identity.Server.Initialization.dll set-admin-groups --config "C:\Program Files\Hyland\identityprovider\idpconfig.json" --tenant "MyDBTenant" --admingroups "manager, "John Doe""                        
                        
  5. Press the Enter key to run the set-admin-groups command.
    If any errors are reported, they must be corrected and the command run again. The command will return nothing if no errors are encountered.