Users can be created in IDHub via multiple ways. This document lists the ways in which a user can be created in IDHub.
Ways to Create User in IDHub
- To Create Users
- Via Service Request
- Via Trusted App Reconciliation
Let us go into each way in detail
Create User via Service Request
Requesting For Create User Service
- Who can request? - Any user can request for a user creation from this service
- How it can be requested? - From Search Catalog ‘Service’ Tab, option to add to cart will be present. Upon adding the cart and opening cart details page, form needs to be filled for the service which will have user attributes coming from a form
- What is the approval process? - After requesting, the request goes to the System Administrator for approval. Once approved by an admin from task page, the user is created
- What is the login process for this user? - Email attribute is a required field in the form while requesting, once added, requested and approved, email with password is sent to user for logging in.
Managing Create User Service
- Manage Service : IDHub has a section named ‘Services’ in Admin Module. This section helps in managing user life cycle features of IDHub. The Services uses a form and a workflow to complete its action. To know more about Services, go to Services section (Link to be added later).
- Manage Custom Form : IDHub has a section named ‘Custom Form’ in Admin Module. This section lists all custom forms that are used at various placed in IDHub. Form Name - ‘Create New User’ can be viewed or edited as needed to maintain organisation specific customizations.
- Example: A new attribute named ‘Building Number’ can be added in User Schema from ‘Admin Settings’ section (Link to be added later), this new attribute can be added as a input type in the ‘Create New User’ Custom Form so that it will be needed while user creation request
Create User via Trusted App Reconciliation
How to create a trusted application?
- This is done in Manage Catalog section of IDHub.
- An application creation process is similar to any other application creation via Wizard (Link for App Creation to be added later)
- The checkbox ‘Create Users on Reconciliation’ differentiates a trusted application with a non trusted
A trusted application is a configuration which allows new user additions in IDHub. If the check box ‘Create Users on Reconciliation’ is not selected, the application becomes a non-trusted application which does not allow new users to be created in iDHub while performing synchronizations to and from IDHub. For bulk upload of apps, this attribute name for this configuration is ‘trustedReconciliation’ which can be either True (For Trusted) or False (For Non trusted).
- Attributes needed to be mapped with IDHub fields for making a trusted application
|IDHub Field Name||Functions Dependent in IDHub||Unique to user||Mandatory to Create User|
|User Login (login)||All functions||Yes||Yes|
|Email (email)||All functions||Yes||Yes|
|Display Name (displayName)||Access Request||No||No|
|Manager Login (managerLogin)||Task Approvals||No||No|
|Manager Display Name (managerDisplayName)||View User Profile and Request Workflows||No||No|
The above mentioned fields needs to be mapped mandatorily with a trusted application field (it can be split into two trusted application as well - To be covered in advanced trusted application) to use IDHub for identity and access management. Without getting values in mandatory idhub fields, user will not be created in IDHub.
How to create user from trusted application?
- Reconciliation process will be used to pull information of existing and new users from the application to IDHub on a timely basis or on-demand as needed. This will be discussed in more detail in the reconciliation module.
- Upon reconciliation, if the system is unable to identify a new user from the Reconciliation Key (IDHub terminology for a foreign key in user table), it will create a new user in IDHub if all mandatory attributes of user are present and mapped with correct IDHub user attribute.
- Upon reconciliation, if the system is able to identify an existing user from the Reconciliation Key, then a new user is not created in IDHub
Creating users via trusted app reconciliation process will not give a login mechanism for users to get into IDHub. It needs to be explicitly setup to use. Check Setup Login section for more info.