User Management
Introduction
The UUIDs of users created in the IDP will be mirrored in the AST.
Local User Management
Users are permanently stored in the IDP (IAM) platform.
Admin Dashboard
The Admin Dashboard is a graphical user interface.
Add User
- Navigate to Users -> press the "Add User" button -> the Add User dialog will appear
- Enter a unique username
- Press the "Save" button
- The user will be added to the local IDP (IAM) platform database.
Update User
- Navigate to Users -> select the user and click on the username -> the user dialog will appear
- Modify the account data
- Press the "Save" button
Enable/Disable User
A user can be enabled or disabled by turning the enable switch on or off. When the user has active 2FA devices, those devices will be deactivated.
Remove User
A user can be deleted by pressing the delete button. When the user has active 2FA devices, those devices will be permanently removed.
Impersonation
It is often useful for an admin to impersonate a user. For example, when a user experiences bugs in one of the applications, an admin could impersonate that user to check whether the bugs can be replicated. Admins with appropriate permissions can impersonate a user. There are two places where an admin can initiate user impersonation. The first option is on the "Users List" tab.
As shown in the picture, an admin can search for the user and click on the button "impersonate".
The second option to impersonate a user is from the "User Details" tab.
At the bottom of the page, the admin can click on the "Impersonate" button.
During impersonation, if the admin and user are in the same realm, the admin will be logged out and automatically logged in as the user being impersonated. If the admin and user are not in the same realm, the admin will remain logged in but will additionally be logged in as the user in the user's realm. In both cases, the browser will be automatically redirected to the "User Account Management" page of the impersonated user. Note that some browsers block popups by default.
Any user who has the realm's impersonation role can impersonate another user. If impersonation is not required for a given user role category, remove this permission from the role.
Admin REST API
Prerequisites to all functions below
To get the user ID, the following function needs to be executed.
GET /{realm}/users?username={"username1": "username2"}
Update User
Updating a user can be useful in the following use case: a user was created but was disabled by default. Now the user will be enabled and an activation code will be distributed to the user. The application could perform the following steps.
Enable/Disable User
PUT /{realm}/users/{id}
Enable User
{
"enabled": true
}
Disable User
{
"enabled": false
}
Remove User
DELETE /{realm}/users/{id}
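The lookup, enable/disable and delete calls above chained together, as an added example that is not part of the original documentation or the product's own code. It refuses to act unless the username lookup yields exactly one exact match, so a disable or delete never lands on the wrong account. Assumptions: the base URL and bearer-token authentication in http_sender, a lookup response that is a JSON array of objects with "id" and "username" fields, and fake_idp, a constructed in-memory stand-in that matches by substring to exercise the ambiguous case.

```python
import json
from urllib import parse, request

def http_sender(base_url, token):
    """Real transport. base_url and bearer-token auth are assumptions, not from the page."""
    def send(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = request.Request(base_url + path, data=data, method=method, headers={
            "Authorization": "Bearer " + token, "Content-Type": "application/json"})
        with request.urlopen(req) as resp:
            return json.loads(resp.read() or b"null")
    return send

def resolve_user_id(send, realm, username):
    """GET /{realm}/users?username=... and insist on exactly one exact match."""
    hits = send("GET", f"/{parse.quote(realm)}/users?username={parse.quote(username)}")
    exact = [u for u in hits or [] if u.get("username") == username]
    if len(exact) != 1:
        raise LookupError(f"{len(exact)} exact matches for {username!r}; refusing to act")
    return exact[0]["id"]

def set_enabled(send, realm, username, enabled):
    """PUT /{realm}/users/{id} with the body shown on the page."""
    user_id = resolve_user_id(send, realm, username)
    send("PUT", f"/{parse.quote(realm)}/users/{user_id}", {"enabled": bool(enabled)})
    return user_id

def remove_user(send, realm, username):
    """DELETE /{realm}/users/{id}."""
    user_id = resolve_user_id(send, realm, username)
    send("DELETE", f"/{parse.quote(realm)}/users/{user_id}")
    return user_id

def fake_idp(users):
    """Constructed in-memory stand-in that matches usernames by substring."""
    def send(method, path, body=None):
        if method == "GET":
            needle = parse.unquote(path.split("username=", 1)[1])
            return [dict(u) for u in users if needle in u["username"]]
        user = next(u for u in users if u["id"] == path.rsplit("/", 1)[1])
        if method == "PUT":
            user.update(body)
        elif method == "DELETE":
            users.remove(user)
    return send

if __name__ == "__main__":
    demo = [{"id": "u-1", "username": "alice"}, {"id": "u-2", "username": "alice2"}]
    print(set_enabled(fake_idp(demo), "demo", "alice", True), demo)
```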