Contact us at 408.675.5020 or

Home Page

Knowledge Base Search     Advanced

Step 2: Manage Create Profiles

Article ID: 1683
Last updated: 17 Dec, 2018

A Create Profile is in essence a definition that brings together all of the components required to enable creating a Directory object. This article will discuss:

Organizing Create Profiles

Over time, it is possible to build a significant number of Create Profiles.  Identity Maestro provides the means to create folders to better organize how to store those profiles.

Add Create Profile Folders

Before starting, we can create a folder to hold all of the Sample Create Profiles.

To add a Create Profile folder:

  1. Login into Identity Maestro as a Delegated Administrator.
  2. Select ADMINISTRATION from the main menu.
  3. Select the CREATE module.
  4. Select Step 2: Manage Create Profiles, click New and select New Folder.

  5. In the New Profile Folder window, provide a Name and Description for a folder. In this example, the goal is to create a folder to store Sample Create Profiles.

    Click Accept.
  6. Confirm that the new Create Profile folder is available in the navigation pane.


Moving Create Profiles into Folders

To organize folders, use drag and drop to move Create Profiles into a folder.

  1. Select a Create Folder and drag and drop it into a Create Profile folder.

  2. Once all of the Create Profiles have been moved, expand the folder and confirm that the Create Folders are inside that folder.

Prepare for Create Profiles

Make sure that you are prepared to build Create Profiles. For this documentation, the goal is to build Create Folders for creating user objects for DemoCo. The Create Profiles will be configured for testing first and then reconfigured once testing is complete.

  • Create Profile Folder - Add a new Create Profile folder if needed.

  • Target System and Create Location - Initially test user objects will be created in the Sample OU container to test the Create Profile.  Once testing is complete, the Create Profiles will be reconfigured to create user objects in the desired target locations.

  • Base Objects - Ensure that you have a base user object that is configured to meet your needs.

  • Create Forms - Prepare the Create Form(s) that you will assign to each Create Profile that you add.

  • Create Workflows - Know which create workflow to assign to the Create Profile based on the type of target system(s) where user objects will be created.

    • Office 365 (Disconnected mode) - select the Office365.Create.Entity.ActiveDirectory workflow.

    • Office 365 (Hybrid mode) - select the Create.Entity.ActiveDirectory workflow.  ADConnect will sync the creation of the new user in Azure AD + Office 365.

    • AD and AD + Exchange On-Premises - select the Create.Entity.ActiveDirectory workflow.

    • eDirectory - select the select the Create.Entity.eDirectory workflow.

  • Create Approvers - Decide if this Create Profile needs an approver and identify which Role Group to assign. Users that are members of Create Approval groups must be included in a MANAGE Task Assignments, otherwise they will not be able to see the create approval request web page.  The Setup Wizard includes that kind of setup for your reference.  The IM Manager is the user that is a member of the Create Approvals Role group which has also been assigned a Task Assignment that uses an IM Create Approvals task collection which grants minimal tasks to grant access to the Manage module to those users.

  • Create Assignments - Initially use a Role group that is reserved for testing Create Profiles.  Once testing is completed, modify the Create Assignment to the Role Group approved to create objects using that Create Profile.

  • Add to Groups - Know which groups you want to add new objects to.

Build a New Create Profile

Building a Create Profile comprises the following steps:

Add the Create Profile and Configure Settings

  1. In Step 2: Manage Create Profiles, select the Create Folder you want to add the new Create Profile in.
  2. Click New and select New Profile.
  3. In the Profile Details panel select the Settings tab.

  4. Provide a Name for the Create Profile.  DO NOT use any special characters like &, ^, %, $, #, @ in the name.  The create workflow cannot process Create Profiles with names that contain special characters.
  5. Provide a concise DescriptionThis description will be displayed in the Operator panel to help explain the purpose or use of a Create Profile.
  6. If there is more than one primary directory connection, select the desired System.
  7. Click the browse icon for Base Object, navigate to and select the base object that will be used as the template for this Create Profile.
  8. If this Create Profile will create user objects with an Exchange on-premises mailbox, add mailRecipient,msExchMailStorage to the Auxiliary Object Classes field. See Inclusion of Auxiliary Object Classes for Exchange Mailboxes for additional information. This is not required for Office 365 mailboxes.
  9. Click the browse icon for Creation Container, navigate to and select the location in the Directory where new objects will be created by this Create Profile.
  10. Select the applicable Create Form from the Master Form drop-down list.
  11. Click the Allow Bulk Create option if you want to enable bulk importing of objects using CSV files.
  12. Select the appropriate create work from the Workflow drop-down list
  13. (Optional) If an approver is required for new objects created using this Create Profile, click the borwse icon for Approver Group, navigate to and select the Role Group that represents the list of approvers for this Create Profile.
  14. Save the Create Profile.

Configure Who Can Use the Create Profile

  1. Select the Assign Groups / Containers tab.
  2. Click the Add button.
  3. Navigate to and select the Role Group that will be granted permissions to use this Create Profile.

  4. Save this change.

Configure Additional Group Memberships

  1. Select the Additional Memberships tab.
  2. Click the Add button.
  3. Navigate to and select the groups that the new object will be added to.

  4. Save this change.

Modify the Form

  1. Select the Form tab.

  2. Review each field and make adjustments as required.  Note: Changes made to this form will be applied to all Create Profiles that use the same Create Form.
  3. Click the Preview Form button to view an example of the create form.  Autocomplete fields will not display a field.
  4. Once all changes have been made and previewed, Save the Create Profile.
  5. Select OPTIONS > Apply Settings to save the changes and activate the new Create Profile.

Prepare for Bulk Create

Refer to How to Bulk Import Users Using CSV Files for information on how to plan, build and use CSV files to bulk import users into Active Directory and eDirectory.

Copy an Existing Profile

You can add a Create Profile by copying an existing Create Profile (using it as a template).

  1. In Step 2: Manage Create Profiles, navigate to and select the Create Profile you want to duplicate.
  2. Click New and select Copy Profile.

  3. Select the copy of the Create Profile in the navigation pane.

  4. Change the Name to provide a unique name for the Create Profile.
  5. Change the Description as required.
  6. The Base Object and Creation Container will probably not change for this stage.  The intent is to build a Create Profile that will create users in the Sample OU container so that testing can be completed before the Create Profile is configured for production use.
  7. Change the Master Form to select the Create Form to match this Create Profile.  In this example, the Create Profile will create Staff users, so selecting the DemoCo Staff Create Form is appropriate.
  8. Change the Workflow if required.
  9. Change the Approver Group if required.  In this example, we want to remove the requirement for an approval group, so select the empty value from the drop-down list.
  10. Save the Create Form and confirm that the name of the Create Profile changed in the navigation pane.

  11. Make changes to the Assign Group / Containers list and Additional Memberships list as required.
  12. Save the Create Form.
  13. Select OPTIONS > Apply Settings to save the changes and activate the new Create Profile.

Testing Create Profiles

Before a Create Profile is used to create real objects, it should be tested into the Sample sandbox OU container.  This procedure will test and confirm ta user object for the DemoCo Contractor AD and O365 User Create Profile added earlier.

  1. Click HOME to switch to the Operator Panel.
  2. Select the CREATE module.
  3. Navigate to and select the DemoCo Contractor AD and O365 User Create Profile.

  4. Fill in the Create Form and click Next.

  5. Preview the information.

    If there is challenge with the information, click Back and correct the information, otherwise click Next.
  6. Identity Maestro will display a progress page.  Note that the workflow is waiting for someone to approve a create request.

    This Create Profile was configured with a Create Approval group.  One of the user's in that group is the user immanager.
  7. The IM Manager user will receive a create request email from Identity Maestro.

    Click the click here link in the email.
  8. The IM Manager user needs to log into Identity Maestro which will then display a create request request web page.

    To see more information related to the request, click the double up/down arrow.  Click Approve or Reject.

    If the request is rejected, the create workflow job for that user will be terminated.  If the request is approved, the create user workflow job will continue.,

  9. Once a request has been approved, you can refresh the workflow progress page.  Note:  If this page has been closed, there is no way to open this page again.  You can open a results page using My Workflows.

  10. Use the Manage module to locate the new user and confirm the information about the user like identification info ...

    and group membership.

  11. If an email mailbox was created, use the relevant admin portal to confirm that the mailbox was created with the correct information.

    Confirm the contact information.


Modify an Existing Create Profile

There are many reasons to modify a Create Profile.  In this example, we want to reconfigure the DemoCo Contractor AD and O365 User Create Profile now that testing has been completed.

  1. In Step 2: Manage Create Profiles, navigate to and select the Create Profile you want to duplicate.
  2. In the Settings page, make the following changes:

    • Name and Description - make any desired changes to make the information that is displayed to the users in the Operator portal in the Create module is as clear as possible.
    • Creation Container - switch from the Sample OU container to the real target container where the objects will be created.
    • Approver Group - change or remove the assignment.
  3. Save the changes.
  4. Select the Assign Groups / Containers tab.
  5. Select the desired role groups that will be authorized to use this Create Profile and click OK

  6. If you select multiple groups, the confirmation window will not display any groups. Click Accept.

  7. Remove the groups that are no longer required for testing.

  8. Save the changes.
  9. Select the Additional Memberships page.
  10. Add the desired groups for the Create Profile.

  11. Remove the groups that were used for testing if no longer required the this Create Profile.

  12. Save the changes.
  13. Make any desired changes to the Form if required.
  14. Save the changes.
  15. Select OPTIONS > Apply Settings to save the changes and activate the reconfigured Create Profile.
This article was:   Helpful | Not helpful Report an issue

Article ID: 1683
Last updated: 17 Dec, 2018
Revision: 4
Views: 221
Comments: 0
print  Print email  Email to friend share  Share pool  Add to pool comment  Add comment
Prev     Next
Step 1: Configure Create Forms       KB 1695: How to bulk import users from CSV files