ID-Synch's plug-in architecture lets you add functionality to modules or HTML on certain pages.
For example, you can add HTML or interactive modules to front-end pages.
You can write your own plug-in programs, use a ready-made plug-in program from M-Tech, or have M-Tech write the program for you.
This section shows you how to enable plug-in points configured through the Web Modules menu. For more detailed information about plug-in points and programs, including
customizing programs, see the full manual shipped with the ID-Synch software. For information about configuring workflow plug-ins, see Workflow plug-ins and mail.
The following table lists the plug-in points and the types of programs that can be used with ID-Synch modules:
| Module | Plug-in point | Purpose | Shipped |
| Front-end | PSF PLUGIN | Display additional HTML or interactive modules to login, authentication, or options pages. | None |
| Account console | IDA ACCOUNT FILTER PLUGIN | Filter out users, accounts, and templates that administrators are not allowed to manage. | plugin-filter-account-location.exe |
| IDA ACCTGROUP FILTER PLUGIN | Filter out account groups that administrators are not allowed to manage. | plugin-filter-nosgroup-location.exe | |
| IDA TEMPLATE PRESELECT PLUGIN | Automatically select templates for new requests. | None | |
| New request | IDR ACCTGROUP FILTER PLUGIN | Filter out account groups that requesters are not allowed to manage. | plugin-filter-nosgroup-location.exe |
| IDR OPERATION FILTER PLUGIN | Restricts operations available to requesters, for security purposes. | idrOperationFilter.psl |
To enable a plug-in point:
All plug-ins are located in the \<instance name>\cgi-bin\. The file path is not required.
ID-Synch includes plug-in points that allows you to filter:
The default plug-ins filter by location. You can write customized plug-ins to filter by other criteria. The account plug-in works in this way:
Search.
The filter is bypassed when a console user is assigned all rights (e.g. the ID-Synch administrator).
The account group filter works in a similar way for a requester using the New account request module (nph-idr.exe) to make a request, or a console user using the Account management console (nph-ida.exe).
| Note: |
|
To filter users, accounts, and templates available to console users:
The default plug-in to filter by location is PLUGIN-FILTER-ACCOUNT-LOCATION.EXE
To filter groups available to users:
You can simplify new account requests by using a plug-in program to pre-select templates when console users set up a new user. This means that users skip the template selection step when using the Account management console (nph-ida.exe), and do not need to know about templates.
This is useful where there is never a need to choose templates. For example, a staff administrator may need to provision access for new users, where the provisioning request always involves the same set of accounts and targets.
To use this plug-in enable the IDA TEMPLATE PRESELECT PLUGIN point for the Account management console (nph-ida.exe), and type the name of the plug-in.
The plug-in is bypassed if the console user is assigned all rights (superuser).
Contact M-Tech Support for more information about using this plug-in.
ID-Synch includes a plug-in point and default plug-in program, IDROPERATIONFILTER.PSL, to control the operations that requesters can perform when using the New account request module (nph-idr.exe).
By default, this plug-in point is enabled, and requesters can perform:
The default plug-in script, stored in the \<instance name>\cgi-bin\, is written in the PSLANG scripting language.
You can customize the script to grant requesters additional control, or write a customized script.
| Caution: |
|
|
ID-Synch™ is an access management solution developed by
M-Tech. The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version. |
||||
|
|
||||
|