4.1 Searching for a person

To search for a person:

1. Click the People category.

2. Select the search to use from the drop-down list.

   By default, only the People search is available; however, your system may have additional people searches that you use for reporting.

3. Select where to search.

   You can search an attached directory; you may have more than one directory. If your system is set up with more than one source of people information, click the tabs to select where to search.

   If you are using the Additional Identities (AID) search report, you can search only the MyID database; you cannot search a directory.

4. Enter some or all of the search criteria.

   Note: Search criteria are not case sensitive.

   • Group – click the open icon to select the group to which the person belongs.

     See section 3.3.8, Selecting a group.

     If you want to view people from the groups below the selected group in the hierarchy, select the Include Subgroups option.

   • Logon – type the person's logon name. You can use wildcards.

   Note: The available search criteria may depend on whether you are searching the MyID database or an attached directory.

   You can also select Additional search criteria. See section 7.3.1, People report for details of which fields are available for the People search.

   Select the additional criteria to add them to the search form. Click the close x buttons on the additional criteria to remove them from the search form.

5. Click SEARCH.

   The list of matching results appears.

   Records are sorted in the order they appear in the MyID database; currently, you cannot change the sort order.

   If more results are available, the text (scroll for more) appears; scroll to retrieve the next page of results automatically.

   A maximum of 200 results are returned. If the number of results exceeds the limit, a + sign is appended to the number of results; for example:

   200+ results - 50 displayed (scroll for more)

   In this case, you are recommended to change your search criteria to provide a more focused set of results.

   Note: When searching LDAP, the number of results returned may be limited by the directory; the default for Active Directory is 1000 records. You are recommended to use the search criteria to limit the results returned.

6. Click a record to display the person's details.

   Note: If the person has been added to the MyID database, the form is titled View Person. If the person is only in a directory, and has not yet been added to the MyID database, the form is titled View Person (Directory).

   You can view information on the following tabs:

   • DETAILS – view the person's details.

   • ACCOUNT – view the person's directory account details.

   • DEVICES – view the list of devices currently assigned to the person.

     Note: Mobile devices are not included in this list.

   • REQUESTS – view the list of active requests for the person.

     See section 6, Working with requests.

   • HISTORY – view the list of audit entries relating to the person.

     See section 4.1.1, Viewing a person's history.

   From this screen, you can:

   • Edit the person's details. See section 4.3, Editing a person.
   • Remove a person's record from the MyID database. See section 4.7, Removing a person.
   • Request a device for the person. section 4.4, Requesting a device for a person.
   • Synchronize the person's account with the directory. See section 4.5, Synchronizing a person.

   Note: If you are viewing your own record, you cannot edit the account, request a device, or enable/disable the account. Another operator must carry out these operations on your behalf.

You can also view a person's details from any form that contains a link to their account.

For example:

• Click the link icon on the Full Name field of the View Request form.
• Click the link icon on the Owner field of the View Device form.

4.1.1 Viewing a person's history

The HISTORY tab displays the 1000 most recent entries relating to the person in the MyID database; it is not available for people who are only in the directory.

Note: You must have a role that has access to the View User Audit feature to view this tab; see section 3.4, Roles and groups.

You can click on an entry in the report to display the View Audit screen. See section 8.1, Viewing audit details for more information.

Audit entries relating to the following workflows are never displayed on the HISTORY tab, for reasons of security:

• Mobile Certificate Recovery
• Request Key Recovery
• Approve Key Recovery
• Collect Key Recovery
• View Key Recovery
• Collect My Key Recovery

Some other entries relating to MyID Desktop workflows may not be displayed, particularly in systems upgraded from older versions of MyID, due to inconsistencies in how user information is recorded in the audit data.

There is a difference between the contents of audit entries created from operations in the MyID Operator Client and MyID Desktop: operations carried out in the MyID Operator Client produce audit entries that detail only what has been changed, while operations carried out in MyID Desktop produce audit entries that also include data that has not been changed. Note also that the history displayed in MyID Desktop displays only changes made to the person's account, while the HISTORY tab in the MyID Operator Client displays all audit entries for which the person was the target.

Note: The HISTORY tab does not currently display any archived audit entries.

4.1.2 Wildcards

For fields where you can use wildcards, you can use the following:

• * for multiple characters.

  For example, Sa* matches Sam, Samuel, and Samantha.

• ? for single characters.

  For example, Sa? matches Sam, but not Samuel or Samantha.

  Note: When searching for people, you cannot use ? for a single-character wildcard if you are searching an LDAP directory. The ? wildcard is supported only when searching in the MyID database.