User Profile Configuration for Self-Service

User profiles are required for Self-Service enrollment. They contain user attributes such as name, User ID, e-mail address, Self-Service Console password, and mobile number.

If you are using the internal database for self-service users, you can specify which user attributes are required, editable, read-only, or hidden from the user in the Self-Service Console. For example, you can allow users to edit their e-mail addresses and mobile numbers, but not their User IDs.

All user attributes stored in external identity sources are read-only. For example, users whose accounts are stored in Active Directory cannot use the Self-Service Console to change their Self-Service passwords. Users can view the read-only attributes in external identity sources and report any discrepancies to the administrator.

Before users can view or edit their user profiles, you must populate the users’ profiles, as follows:

New user. If a user is not in the internal identity source or in an external identity source, you must enter the required information into the user’s profile.

User not in Authentication Manager, but in a directory server. The directory server populates the user profile.

In the Security Console, you can use the default user profile or customize it for each identity source that you use. When deciding whether to customize user profiles, consider the following:

  • Does your company have different names for some fields in the default user profile, for example, “User name” instead of “User ID”?

  • Do you need to add descriptive text to instruct users about what to enter in any fields?

  • Do you need to add custom attributes, for example, a home address for users?

If you create custom attributes for an identity source, you can add custom attributes to the user profile. Optionally, you can customize the labels for each attribute.