Local authentication server administration is normally done by an admin user.
In SA an End user can be given rights for user administration for a local authentication server.
When admin user logging into an admin realm is adding a user in a local authentication server,
he has following extra options [checkbox] as compared to an End user having rights to administrator a local auth server:
¥ One-time use (disable account after the next successful sign-in)
¥ Require user to change password at next sign in
In 7.4 Rx ,this new feature enables a END user administrator to add user to the local authentication server, with this set of options available.
Please let us know if you have any queries and I will be happy to address them.
This feature is really NOT BAD!
I would have liked it, IF:
This User would also have the ability to assign this new created user to one or more roles!
Generating a user in a particular authentication realm would otherwise mean that this use-case is just for ANY authenticated realm user that will be able to use all roles.
OR: that you are forced to do the role mapping with username prefixes and mappings to different roles
f.e. role1_stephan, role1_linda are the usernames
and you pre-configure the rolemapping like this:
if username IS
role1_* assign role1
This feature would have made more sense, if you would have local user GROUPS, assign those groups in the rolemapping and create local users IN A PARTICULAR group.
But like this, it is ... a little useless.
btw... the password change option is quite good.