This is my story. Let me share it with you.
When I heard abbreviation IDM at the first time, I understood nothing (IDM administrators, please, don’t laugh very loudly at this moment 🙂 And by the way, don’t read this post at all). Even when I heard the full definition of Identity Management I got the same result: I understood every word separately but not the general sense, what should it do and why… Even now, after one year working at midPoint project as a developer, I can’t define myself as administrator of this system. Unfortunately, no, I’m not an administrator of midPoint IDM system, I’m just a developer…
But I believe that not everyone needs the knowledge of how IDM system should work, how it should be configured, what magic it does… There is a lot of people like some managers or some employees who don’t need such deep knowledge of IDM system. They need just some simple services such as viewing (or editing if it is allowed) their personal data, changing their password, requesting a role… That’s why we decided to implement such Self Service GUI part, to separate it for usual (not administrator) users of midPoint.
So now, if you want to know what data is assigned to your midPoint user (e.g. accounts, assignments etc.), please welcome to Home page of Self Service section. The profile will show you your personal data (such as name, telephone number etc.) and also it will show you your projections, assignments, tasks. To change your password, please go to Credentials page and use the most simple changing password form (if you see on that page some “stupid” field “Old password” or “stupid” section “Password propagation”, don’t strain yourself, just ask your administrator to configure this page in such way, not to see these “stupid, unnecessary” things at all, it is really possible 🙂 ).
And finally, Request a role page. If you are eager to have more roles (and to have more responsibilities and more work 🙂 ), just ask for the new roles on the Request a role page. It is also possible to totally assign a new role on this page if you have enough rights for that.
So don’t be afraid to use IDM system. It is easy. For everyone. And personally for you.
form for selection, which consists of two columns and buttons “->”, “<-" between them, needs to die, because it was good for the 90s, tolerated in the 2000s and unacceptable for the present time
Dmitry, thank you for your feedback
If you have any idea how we can improve the form of selecting/assigning multiple roles, please, let us know, any your proposition is welcomed. And as a picture is worth a thousand words,we would be happy to get a mockup or sketch.
You could try try to implement the concept of the online store where every role has a button “add to cart” and cart shown somewhere on top. In this case you don’t need to keep this big ugly buttons on page. And cart content (selected roles or other items) does not require as much space on the page.
Yes, we thought about the shopping cart paradigm. And yes, it is currently all he rage and especially the analysts seems to be crazy about it. But it is not that easy. Some customers really like to see what roles are currently assigned. It looks like that gives some kind of important information about what additional roles need to be selected. Also, the shopping cart works for systems that have simple roles. But midPoint has parametric roles. That complicates the things by adding several new dimensions. Yes, you can theoretically select a role and then set up the parameters while it is in the shopping cart. But that’s terribly inefficient way if most of your roles are parametric and most of them need the same parameter.
The GUI page that we currently have is a first iteration over the concept. We need more experience with using this part of GUI to move it forward. MidPoint has much more advanced RBAC system than other competing systems have. Therefore ju simply cannot just copy the ideas from competition. We need to evolve our own solution.
But anyway, thanks a lot for the feedback. It is much appreciated.