Skip to main content

Alias Management

Introduction

This feature aids the management of aliases on an Identity System. It provides changed alias data to a post process workflow so that syncing of the changes to a target system can be done. An alias can be considered as a proxy email that can be configured on mail servers, which can have a destination/deliverable address (a valid email id). When mail is sent to an alias, it will be redirected to the destination address. A typical usage scenario would be an individual who has multiple roles and has different email ids(aliases) based on role and needs all the email ids (aliases) directed to a single mail box.

The management of aliases can be performed:
• by the User himself, through my profile tab in self service
• by an OBO who has rights to manage the user profile, through Users tab in self-service.
• Pre-defined aliases are created during user provisioning, if the user profile qualifies the alias Configuration.


The alias creation configuration is created in the admin UI. When a user, who qualifies for the configuration, logs into the self-service UI, he will see the aliases generated or a text box to key in aliases, based on the type of configuration he qualifies for. The user chooses the aliases and destination address and saves it, based on the permission he got from qualified alias configurations. The saved alias information along with user info will be passed to a post process workflow which is selected in the qualified configuration.

Configuration

Below listed section will detail about the configurations to be done in Alias management feature.

Cooling period aliases - Legacy load

The legacy aliases which are in a cooling period can be uploaded here in a predetermined format explained below.
(The CSV or TXT file should have entries in the format: alias, end date (MM/dd/yyyy) For eg: abc@xyz.com,01/26/2019)

Configuration Property to generate alias

Set the Modify Configuration for: ► Provisioning Policy  Generate and Assign Aliases to "True" in order to generate an alias while creating the user.

Alias management configuration - Admin UI

The configuration based on which the aliases of profiles is managed can be created from can be done from the Alias management listing administration UI as shown below. Multiple configurations can be created for an organization and user will get the aliases generated based on all the qualified configurations. Clicking on add button will take you to a detail UI which will have many sub sections that will used for the creation/generation of aliases.

Elements and Descriptions

Locale: Select the preferred language (default: English) and configure Specific values for New User Creation UI Label and Display Name. 

Note: English values must be configured before adding other locale specific values.

Name : Enter the name that describes the alias configuration.

Description: Enter the description text of the alias configuration.

Type: Enter the mode of alias generation. The modes available are 

  • Generated-Selectable - Alias names get automatically generated and are shown in self-service UI based on selected rules and its associated action. User/OBO can select an alias name and one of the available domains in order to create an
    alias.
  • Generated-Assigned - Alias names get automatically generated based on selected rules and its associated action. Alias is generated for all the domains in the configuration. This configuration is used for the automatic generation of aliases
    during profile creation from the product and won't be available to a self service user for selection and generation of aliases·
  • Manual - A self service user/OBO can manually enter the alias names of their choice and select one of the available domains to create an alias for a profile.
User qualification criteria : Select a security group to be used as the beneficiary to qualify the alias configuration. Multiple user groups can be selected for a configuration.

Alias generation rules : The rules define how an alias is to be generated. Rule generation uses product attributes that have database column mapping and literals as building blocks to create rules. For example, a sample rule filter will be [substring(Person-Lastname,LEFT,1)][Person-Firstname] which is a concatenation of first letter of last name +First name as a whole.

Multiple rules can be configured in a configuration and they have a priority as per the listed order in the Configuration Detail Page UI.

  • Pick Rule - Clicking this will list the available rules(system and custom)
  • Add Custom Rule - To add a new custom Rule and pick this to be used in configuration.
Pick Rule : Click the Pick Rule button to view the list of available rules (system and custom).
Add Custom Rule : Click the Add Custom Rule button to create a new custom rule view to use in the in the alias configuration.
Move Up/Down : Click the Move Up/Down button to increase/decrease the priority of the rule in the configuration.

Edit Rule : Click the Edit Rule button to edit a custom rule.
Note: Edit is enabled only if the selected custom rule is not used by any other alias configuration.

Rules can have one of the action types Skip or Increment:

  • Increment - If the generated alias already exists, the alias is appended with a numeric value (starting with 1) at the end in an iterative and incremental manner until a unique alias name is obtained.
  • Skip - If the generated alias already exists, the rule is skipped and the next rule in the order of priority will be considered for generating alias.

Domain Configuration : The domains selected/added here will be available for use by qualified user (s) in the Self-Service UI while creating an alias.

  • Available Domains - A list of domains that can be used while creating aliases
  • Selected Domains - The list of domains selected from the Available Domains list.
  • Add New Domain - If a domain is not listed in the available domains. You can key-in a new New Domain name and click the Add button to create a new one. The new domain will appear in the Available Domains list.

Blacklisted words Configuration : The configuration of  the list of words to be disallowed in an alias name  is managed in this section.

  • Aliases cannot contain the following words -  The list of words to be disallowed when creating an alias.
  • Add blacklisted word - The management options are listed below.
    • Add blacklisted word - Enter the blacklisted word and click Add to add the word to the list.
    • Remove blacklisted word - Select a word and click Remove to remove from the list.
      Note: While updating alias configuration, the blacklisted words can be uploaded by clicking Choose File in the Upload words list section and the clicking the Upload button.
  • Upload words list - To upload a word list, click the Choose file button and then click Upload.
    • Chose File - Click the Choose file button to select the file.
    • Upload - Click the Upload button to upload the file.

Note: The TXT file should have one word per line 

Generate Deliverables : For profiles which qualify for Generated-Assigned type configuration, deliverable are to be automatically generated, as no manual intervention is possible. For this configure a list of rules to generate deliverables, this section will be displayed for "Generated-Assigned" type only. In this section, like we did in alias generation rules, with which the deliverables will be generated. According to the rules selected in the section and deliverable domain (explained below) configured, deliverable addresses is are generated.

Below are the actions that can be performed in the rule listing section.

  • Pick Rule - To Add the custom rule to the detail page.
  • Add Custom Rule -  To build and add a custom rule
  • Delete - To delete an added rule from the configuration.
  • Move Up - To move the rule to up
  • Move Down - To move the rule to down.
  • Edit - To edit a custom rule
    Note: Edit is enabled only if the selected custom rule is not used by any other alias configuration..

Deliverable domain :  Enter a valid domain for generating deliverable address

Other Configurations: Below listed are the miscellaneous configurations of the feature.

  • Alias can be reused after : This is the cooling period for which the alias will be retained in the system . After an alias is deleted. Once the cooling period is over the alias can be used by any user.
  • User can manage destination address : Checkbox which enables the user to manage the destination address
  • User can configure primary alias : If the checkbox is checked, the user who qualifies this configuration will have permission to make one of the aliases generated by the configuration as primary alias.
  • Post Process Workflow : Allows the user to select the Post Process Workflow. to which the alias details along with the user profile information is sent.
    • Clear - Allows the user to clear the selected workflow.
    • Select - Allows the user to choose the Post Process Workflow

Data Validation

This section helps you to add configurations by which an alias or a deliverable can be validated. This section will be displayed for “Generated-Selected” and “Manual” types only. The
validation occurs when generating aliases or deliverables from self-service. The following validations options are supported:

  • Regular Expression
  • Database Query
  • LDAP Query

Add a data validation Configuration

Click the Add button to show data validation configuration page and Save after the validations using Save Validation button.


Test Validation script

Test scripts can be validated by clicking the Test button.


Managing Aliases from Self-Service

Aliases can be managed in 3 possible ways from self-service UI. The options are given below:

  • A User can manage his own aliases from My Profile tab
  • OBO can manage others users' aliases from Users tab
  • Client admin can manage aliases in cooling period

Manage Aliases -By User

Prerequisites

In order to avail the alias management UI for a logged in User, the Administrator has to add Alias Management feature to the Self service security policy from Admin UI.

Alias Management UI -My Profile

Once the above configuration is complete, a self-service user can manage his own aliases. The management capabilities may vary per alias, based on the permissions in the alias management configurations which generated the respective aliases.
If the user has permissions to manage his deliverables, he will see the Manage Deliverables panel as the first panel in which he will be able to configure the deliverables, which can be used for setting the destination address of aliases. If not, he will see the manage aliases panel as the first panel. 

Once deliverables are created, they will be listed in the Manage alias section used for setting the destination address.


Manage Aliases -By OBO

Prerequisites

In order to manage alias from Users tab by OBO, Manage aliases should be checked in the User Management configuration.

Alias management UI -Users tab

Once this configuration is complete, an OBO can manage the aliases of users who he is allowed to administer. The management capabilities here may vary per alias, based on the permissions set in the alias management configurations used to generate the respective aliases. Once the user management action Manage Alias is selected, OBO will see the same three panels as My Profile, where he can manage the aliases.

Manage cooling period Aliases

Prerequisites

In order to access the cooling alias management UI for a logged in User, Administrator have to add that user to 'Iaas Client Administrators' security user group from the Admin UI. Also, the user must be configured to manage cooling period aliases. This user should be added under Client Administration Configuration -> Alias Cooling Period Management.

Cooling period alias management UI - Admin tab

A client admin (who qualifies for the above configuration, can manage the cooling period from the Admin -> ALIAS Tab. The possible actions he can take are listed below:

  • edit retention period and set to a prior or future date.
  • delete aliases from cooling aliases list.

Cooling period aliases - Bulk Load

The bulk load of aliases in the cooling period is kept as a common configuration, in the alias config listing page, user will be allowed to upload the aliases in the cooling period. The details are explained in a previous section Global Configuration.

Alias Initial Load – Identity Hub

A new execution mode – Alias Initial Load is available in Identity Hub to handle the initial load of aliases.

An initial load can be done in two ways:
1. Legacy aliases can be loaded by using a look-up system from where the details of aliases can be mapped to the alias schema/ attributes. This can be used for cases where aliases already exist in an implementation and you wish to manage/migrate them using Idm.
2. By using the mapper rule (Generate and Assign Alias) as shown in the image below. This will be helpful to a system where the concept of alias is to be implemented afresh. Using this rule aliases can be generated for an exported list of users, if they qualify for any of the ‘Generated-Assigned’ type of Alias configuration.

The Identity hub expects profile data along with multi valued alias data with the appropriate change type be passed in, so as to persist the aliases. Typical alias data will be made available as a file with comma
separated values and looked up against a flat file connector -using a unique identifier against corresponding database column- to correlate the alias data with user data being exported from the product (normally FUP).


Was this article helpful?