Configure Domain User System
Define the types of an authorisation domain's Technical Users and their permissions. Enable organisations to add their users and delegate chosen parts of responsibilities to other employees.
For more explanation on how to successfully model an ecosystem/federation to fully reflect its needs and requirements, see the Modeling Ecosystems article.
- An access token with write access and the `directory:website` scope, if you want to create or manage technical user types using Connect's APIs.
Select Reference Data > Domain Users Settings > New Domain User System.
Fill in the fields defining the domain user system and save.
| Field Name | Field description | Example |
| --- | --- | --- |
| System Name | Enter the domain user system name | Sandbox Users |
| System Description | Description of the domain user system | Users Managing Sandbox Environment |
From the list, select the newly created user system and the + icon to add a domain user type.
Fill in the fields defining the technical user type and select Next.
| Field Name | Field description | Example |
| --- | --- | --- |
| User Type Name | Name of the user type | Primary User |
| User Type Description | Description of the user type | Primary users manage sandbox environment |
| Linked Parent Role | Linked parent role, if available | n/a |
Enable/disable the Directory Access checkbox to control whether the user has access to directory resources.
If disabled, no additional permissions are available for configuration.
Adding users without directory access is useful when you want them to hold access scopes for other platforms that use the directory's SSO functionality, even though they have no direct function in the directory itself.
Enable the checkboxes for the permissions you wish the user type to have:
- Admin level access - user has the ability to view and modify all resources available within the platform.
When selecting an administrator-level permission, the user has the write access permission to all resources, not just those associated with their bound roles.
- Write level access - grants the ability to view and modify the selected resource
- Read level access - grants the ability to view but not modify the selected resource
- None - the user can neither view nor modify the selected resource
Available permissions:
- Software Statements Access: Users can view and/or edit resources related to Applications and Software Statement Assertions. For example, the user can register a new application and request a software statement assertion.
- Domain User Access: Users can view and/or manage Domain (Technical) Users within their organisation.
- Organisation Certificates Access: Users can view and/or manage the certificates issued for their organisation including requesting new certificates.
- Organisation Contacts Access: The users can view and/or edit their organisation's contact addresses.
- Authorisation Server Access: The users can view and/or manage the authorisation servers registered for an organisation including publishing API resources within the platform.
Enable the Receive Email Notifications checkbox if needed.
The Receive Email Notifications setting defines whether the user will receive email notifications about any update to the organisation's resources and configuration, for example, when a new organisation administrator is added.
Save.
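To make the precedence of the settings above concrete, here is an added example (not Raidiam Connect's own code) of a small evaluator that models the rules described: Directory Access disabled denies everything, Admin level access grants write access to every resource regardless of bound roles, and otherwise the per-resource level applies. The resource names and the `UserType` structure are assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Level(Enum):
    """Per-resource permission levels as described on the page."""
    NONE = 0   # neither view nor modify
    READ = 1   # view only
    WRITE = 2  # view and modify

# Resource areas a user type can be granted access to (names assumed for illustration)
RESOURCES = (
    "software_statements", "domain_users", "organisation_certificates",
    "organisation_contacts", "authorisation_servers",
)

@dataclass
class UserType:
    """Assumed shape of a domain user type; not Connect's own data model."""
    name: str
    directory_access: bool = True
    admin: bool = False
    permissions: dict = field(default_factory=dict)  # resource -> Level

def effective_level(user_type: UserType, resource: str) -> Level:
    """Resolve the level that actually applies, honouring the precedence rules."""
    if resource not in RESOURCES:
        raise ValueError(f"unknown resource: {resource}")
    # Directory Access disabled: no permissions apply, whatever else is set
    if not user_type.directory_access:
        return Level.NONE
    # Admin level: write access to every resource, not only bound-role ones
    if user_type.admin:
        return Level.WRITE
    # Otherwise the configured per-resource level, defaulting to None when unset
    return user_type.permissions.get(resource, Level.NONE)

def can(user_type: UserType, action: str, resource: str) -> bool:
    """True if the user type may 'view' or 'modify' the given resource."""
    required = {"view": Level.READ, "modify": Level.WRITE}[action]
    return effective_level(user_type, resource).value >= required.value

def write_scope(user_type: UserType) -> set:
    """Resources the user type can modify; handy for a least-privilege review."""
    return {r for r in RESOURCES if can(user_type, "modify", r)}
```

Running `write_scope` over every configured user type gives a quick view of which types hold write access beyond what their duties require.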
Raidiam Connect allows organisations to integrate with the following APIs for Authorisation Domain User System and Type Management:
- User System:
  - Update Authorisation Domain User System - includes the option to disable a user system by setting its status to inactive
- User Type:
  - Update Authorisation Domain User Type - includes the option to disable a user type by setting its status to inactive