Search Identity Providers

There are separate methods for searching identity providers vs. policy-backed identity providers.
There are separate methods for searching identity providers vs. policy-backed identity providers.
Searching Identity Providers
You can locate and view information about users and groups defined in the following identity providers:
The Policy-Backed Identity Providers have a slightly different use case that is described in more detail under "Searching Policy-Backed Service Providers" below.
To search identity providers
  1. Do any of the following:
    • Click
      Search Identity Provider
      on the Home Page.
    • Click [
      > Users and Authentication > Search Identity Provider
      from the Main Menu.
    • Right-click the identity provider to be searched in the [
      Identity Providers
      ] tab and then select
      Search Identity Provider
      . The Search Identity Provider dialog appears.
  2. Configure the search settings as follows:
    (drop-down list)
    Choose the identity provider to be searched  from the drop-down list. You can only search one identity provider at a time.
    The search behavior for Policy-Backed Identity Providers works a bit differently. See "Searching Policy-Backed Identity Providers" below for details.
    From the drop-down list, choose what you are searching for: Groups, Users, or All.  
    To refine your search, you can optionally specify that the name Equals or Starts with the string of characters that you specify. You can use the asterisk (*) wildcard to match any number of characters, or the question mark (?) to match any single character.
    This starts the search. Any names found are displayed in the Search Results box.
    This halts the search before it is completed. You may wish to stop the search if the name you are seeking is already displayed or if the search is taking too long.
    This closes the Search Identity Provider dialog.
    New Search
    This clears the search criteria and search results fields.       
  3. The results appear in the Search Results window. Individual users are indicated by image2014-10-21 9:44:3.png while groups or federated virtual groups are denoted by image2014-10-21 9:44:16.png.
    • To see detailed information about any user or group, double-click the name or click [
      ] with the appropriate name selected. The properties for that user or group is displayed.
    • To edit or delete non-LDAP users or groups, see Editing or Deleting a User or Group.
    LDAP Identity Provider users and groups cannot be changed in the Policy Manager. To modify these users or groups, use the appropriate external management program.
Searching Policy-Backed Identity Providers
Policy-Backed Identity Provider cannot be searched in the conventional sense, because it is not designed to house a set list of users like the Internal Identity Provider. Instead, you can use the Search Identity Provider dialog to assign roles to template users. These are users that the 
Layer7 API Gateway
 may not "know" about yet, but you can assign roles to these users if and when they are authenticated via a Policy-Backed Identity Provider.
You can configure it such that when user "sally" is authenticated against a Policy-Backed Identity Provider, she will automatically be assigned the role of "Operator". It does not matter that "sally" is not defined in any other identity provider or whether she will access the 
Layer7 API Gateway
 at all.
To configure a role for a template user
  1. Open the Search Identity Provider dialog.
  2. Choose a Policy-Backed Identity Provider from the Search drop-down list.
  3. Enter 
     in the "Name" box, leaving all other settings at their default.
  4. Click [
    ]. This creates the template user "sally": use the Search Identity Provider dialog to assign roles to template users
  5. Select "
    y" and then click [
    ]. This open the properties dialog for "sally".
  6. Select the [
    ] tab and then add the role(s) to be assigned to user "sally". For more information about this tab, see "Configuring the [
    ] Tab" under Internal User Properties.
    Any role(s) that you assign here to a template user will override a default role assigned through the Policy-Backed Identity Provider Wizard.