Users can be modified in IDHub via multiple ways. This document lists the ways in which a user can be modified in IDHub.
Ways to Modify User in IDHub
- To Modify Users
- Via Service Request
- Via Trusted App Reconciliation
Let us go into each way in detail
Modify User via Service Request
Requesting For Modify User Service
- Who can request? - Any user can request for a user modification from this service for self or other users in the organisation
- How it can be requested? - From Search Catalog ‘Service’ Tab, option to add to cart will be present. Upon adding the cart and opening cart details page, form needs to be filled for the service which will have user attributes coming from a form
- What is the approval process? - After requesting, the request goes to the System Administrator for approval. Once approved by an admin from task page, the user attribute is modified
Managing Modify User Service
- Manage Service : IDHub has a section named ‘Services’ in Admin Module. This section helps in managing user life cycle features of IDHub. The Services uses a form and a workflow to complete its action. To know more about Services, go to Services section (Link to be added later).
- Manage Custom Form : IDHub has a section named ‘Custom Form’ in Admin Module. This section lists all custom forms that are used at various placed in IDHub. Form Name - ‘Modify User’ can be viewed or edited as needed to maintain organisation specific customizations.
- Example: A new attribute named ‘Building Number’ can be added in User Schema from ‘Admin Settings’ section (Link to be added later), this new attribute can be added as a input type in the ‘Modify User’ Custom Form so that it will be needed while user modification request
Modify User via Trusted App Reconciliation
Assuming a trusted application is set up correctly (To know more, go to Create User page), upon the next synchronization process of a trusted application, IDHub assesses a record for changes in user attributes. If the user attribute has a Sync direction to update in IDHub (i.e. either Bi-directional sync or App to IDHub) then the user attribute in IDHub gets updated.
For a trusted application, account field name and reconciliation keys are not in a direction where IDHub record is updated. This is because if the record has updated values in the synced application for attributes with account field name and reconciliation key, then IDHub will not be able to attach the record with a user since reconciliation key is the one to identify the user. In this case, new values will attempt to create a duplicate user in IDHub which will not have any login. Thus to avoid this scenario, keep the Sync direction of account field name and reconciliation key attributes to either No Sync or IDHub to App only