Configure Domain User System
Define the types of an authorisation domain's users and their permissions. Enable organisations to add their users and delegate chosen parts of responsibilities to other employees.

For more explanation on how to successfully model an ecosystem/federation to fully reflect its needs and requirements, see the Modeling Ecosystems article.

Prerequisites

- User access to the platform.
- An access token (R/W) with the directory:website scope, if you want to create or manage types of technical users using Connect's APIs.

Add new domain user systems and types

1. Select Reference Data > Domain Users Settings > New Domain User System.

2. Fill in the fields defining the domain user system and save.

   | Field name | Field description | Example |
   |---|---|---|
   | System Name | Enter the domain user system name | Sandbox Users |
   | System Description | Description of the domain user system | Users managing sandbox environment |

3. From the list, select the newly created user system and the + icon to add a domain user type.

4. Fill in the fields defining the technical user type and select Next.

   | Field name | Field description | Example |
   |---|---|---|
   | User Type Name | Name of the user type | Primary User |
   | User Type Description | Description of the user type | Primary users manage sandbox environment |
   | Linked Parent Role | Linked parent role if available | N/A |

5. Enable/disable the Directory Access checkbox to control whether the user has access to directory resources. If disabled, no additional permissions are available for configuration.

   Adding users without the directory access can be used if you want to enable them to have access scopes for other platforms that leverage the directory's SSO functionality even though they may not have any direct function in the directory itself.

6. Enable the checkboxes under the permissions you wish the user type to have.

   Access levels:

   - Admin level access: the user has the ability to view and modify all resources available within the platform. When selecting an administrator level permission, the user has the write access permission to all resources, not just those associated with their bound roles.
   - Write level access: grants the ability to view and modify the selected resource.
   - Read level access: grants the ability to view but not modify the selected resource.
   - None: the user can neither view nor modify the selected resource.

   Available permissions:

   - Software Statements Access: users can view and/or edit resources related to applications and software statement assertions. For example, the user can register a new application and request a software statement assertion.
   - Domain User Access: users can view and/or manage users within their organisation.
   - Organisation Certificates Access: users can view and/or manage the certificates issued for their organisation, including requesting new certificates.
   - Organisation Contacts Access: users can view and/or edit their organisation's contact addresses.
   - Authorisation Server Access: users can view and/or manage the authorisation servers registered for an organisation, including publishing API resources within the platform.

7. Enable the Receive Email Notifications checkbox if needed. The Receive Email Notifications setting defines whether the user will receive email notifications about any update to the organisation's resources and configuration, for example, when a new organisation administrator is added.

8. Save.

Manage domain user systems using APIs

Raidiam Connect allows organisations to integrate with the following APIs for authorisation domain user system and type management.

User system:

- Create authorisation domain user system
- Get authorisation domain user system
- Update authorisation domain user system: includes the possibility to disable a user system by setting its status to inactive
- Remove authorisation domain user system

User type:

- Create reference data for new authorisation domain user type
- Get authorisation domain user type
- Update authorisation domain user type: includes the possibility to disable a user type by setting its status to inactive
- Delete authorisation domain user type
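
The following is an added example, not Raidiam Connect code: a small model of the access rules described for user types on this page (the directory access gate, the admin override, and the write/read/none levels), with a least-privilege review of user type definitions. The dictionary keys, resource names and sample user types are assumptions constructed for illustration and do not reflect the platform's API schema.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2

# Hypothetical keys for the five permission areas listed on this page.
RESOURCES = ("software_statements", "domain_users", "organisation_certificates",
             "organisation_contacts", "authorisation_servers")

def effective_level(user_type, resource):
    """Access a user type ends up with on one resource, per the rules above."""
    if resource not in RESOURCES:
        raise ValueError(f"unknown resource: {resource}")
    if not user_type.get("directory_access", False):
        return Level.NONE   # SSO-only type: no directory permissions apply
    if user_type.get("admin", False):
        return Level.WRITE  # admin overrides every per-resource setting
    return Level(user_type.get("permissions", {}).get(resource, Level.NONE))

def review(user_type):
    """Least-privilege findings a reviewer would want before saving a type."""
    findings = []
    perms = user_type.get("permissions", {})
    configured = user_type.get("admin", False) or any(perms.values())
    if not user_type.get("directory_access", False):
        if configured:
            findings.append("permissions configured without directory access")
        return findings
    if user_type.get("admin", False):
        findings.append("admin: write on all resources, beyond bound roles")
        masked = sorted(r for r, lvl in perms.items() if lvl < Level.WRITE)
        if masked:
            findings.append("settings overridden by admin: " + ", ".join(masked))
    elif effective_level(user_type, "domain_users") == Level.WRITE:
        findings.append("can manage other users in the organisation")
    return findings

# Constructed sample definitions (not exported from a real platform).
PRIMARY = {"name": "Primary User", "directory_access": True, "admin": True,
           "permissions": {"organisation_contacts": Level.READ}}
DELEGATE = {"name": "Delegate", "directory_access": True,
            "permissions": {"domain_users": Level.WRITE,
                            "organisation_certificates": Level.READ}}
SSO_ONLY = {"name": "SSO only", "directory_access": False, "permissions": {}}

if __name__ == "__main__":
    for ut in (PRIMARY, DELEGATE, SSO_ONLY):
        row = {r: effective_level(ut, r).name for r in RESOURCES}
        print(ut["name"], row, review(ut))
```

Running the review over every planned user type before saving makes the admin override visible: a per-resource read setting on an admin type has no effect, because admin grants write on all resources.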