7.5:adm:identities

Identities (users)

 Entities relations

A user is represented in CzechIdM by an identity object. Put simply, an identity is a user registered in CzechIdM together with all of their attributes, e.g. first name, surname, phone number, list of accounts on the connected systems, list of permissions on the connected systems, etc.

Log in to CzechIdM as a user with the permission to administer users. Go to users’ agenda and click on Create user.

User list agenda

The form for creating a new user will appear, where the basic information about the user can be filled in. The required attributes are: user name, surname and password.

The following user attributes can be filled in:

  • User name – The user is identified using the user name and the user will log in to CzechIdM with it as well.
  • Surname – a descriptive attribute of the user, it is used for autocompleting forms and search fields
  • Password – The password can be generated using the box Generate password or typed in manually. In both cases, the password must meet the CzechIdM password policy; a generated password meets it automatically.
  • Email – Email notifications from CzechIdM for the user are sent to this email address.
  • Title before, Title after – descriptive attributes of the user
  • Phone number – SMS notifications from CzechIdM for the user are sent to this phone number.
  • Inactive – Inactive users cannot log in to CzechIdM. This attribute is often mapped to the blocked status of the account on the end system (MS AD – blocked).
  • Description – a descriptive attribute of the user

Creation of a user is confirmed by clicking on Create. The user’s other information, such as the job position or permissions, can be managed only after the user has been created. Clicking the button Back closes the form without saving. Clicking the arrow next to the button Create opens a drop-down menu with the option Create and edit, which finishes the creation of the identity immediately and continues with editing the user’s other attributes such as relations, roles, etc.

The relation of an identity to a firm or organization is represented in CzechIdM by contracted positions. A contracted position can be imagined as:

  • employment relationship/contract for work – employees
  • study – pupils/students
  • contract/arrangement – external co-workers

A user can have many contracted positions. A contracted position is related to other objects in CzechIdM:

  • Identity – described above
  • Tree structure – a contracted position can be added to a tree (organizational) structure, which effectively allows integrating the user into a hierarchical division in an organization.
  • Roles – roles in CzechIdM are assigned to contracted positions, i.e. the user gets roles through his relations. Because of this, every manually created identity can (application option) get one automatically prepared relation called Default.

To create a contracted position, find the identity for which the contracted position will be created in the tab Users. Click on its user name to display its detail.

Contracted positions list

A list of current relations can be seen on the card Positions. If the identity has been created manually, it might already have been assigned the default relation called Default. Now, click on the button Add to create a new relation, or on the magnifying glass symbol next to the name of a relation to edit the current one.

 A contracted position detail

The following attributes of the user’s contracted position can be filled in now:

  • Work position – Name of the contracted position
  • Structure type – Selection of a tree structure for integrating the contracted position
  • Position – Putting the user to a specific position in the tree structure. The selection is available only if a Structure type has been selected.
  • Valid from – the validity starting date of the contracted position. This selection influences the identity lifecycle processes and assigning of automatic roles.
  • Valid till – the validity ending date of the contracted position. This selection influences the identity lifecycle processes and removing of automatic roles.
  • Main position – These relations are displayed in the user’s detail profile as the profile summary (green window). The relations that result from creating an identity manually are mainly labelled as Main. The main position is also widely used when user data is provisioned into a connected system that does not support multiple contracted positions. Usually only data from the main contracted position is provisioned.
  • External contractor – a contracted position belonging to an outside contractor or any person who is not a usual employee/student etc. Some organizations divide their users into internal and external, and the approach to their administration can differ.
  • Inactive – represents the status of the contracted position with respect to its execution. For example, contracted positions of users on maternity leave are inactive. This indication is independent of the time validity of the relation – attributes Valid from, Valid till. The selection Inactive influences the identity lifecycle processes and blocking the user, mainly the process “TODO”.
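
The attributes above lend themselves to a periodic access review. The following sketch is an added example, not part of the CzechIdM documentation or code base: it flags identities that can still log in although none of their contracted positions is in effect, and identities whose Main position is not in effect while another one is. All class and field names are hypothetical, and treating the validity bounds as inclusive and empty dates as open-ended is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

@dataclass
class Position:  # hypothetical model of one contracted position
    name: str
    valid_from: Optional[date] = None  # None = open-ended (assumption)
    valid_till: Optional[date] = None  # None = open-ended (assumption)
    inactive: bool = False             # independent of the validity dates
    main: bool = False

@dataclass
class Identity:  # hypothetical model of an identity
    username: str
    inactive: bool = False             # inactive identities cannot log in
    positions: List[Position] = field(default_factory=list)

def in_effect(p: Position, today: date) -> bool:
    """Inside the validity window (bounds inclusive, assumed) and not Inactive."""
    started = p.valid_from is None or p.valid_from <= today
    not_ended = p.valid_till is None or today <= p.valid_till
    return started and not_ended and not p.inactive

def review(identities: List[Identity], today: date) -> dict:
    """Map user name -> finding for identities that deserve a manual look."""
    findings = {}
    for i in identities:
        live = [p for p in i.positions if in_effect(p, today)]
        stale_main = any(p.main and not in_effect(p, today) for p in i.positions)
        if not i.inactive and not live:
            findings[i.username] = "can log in, but no position is in effect"
        elif live and stale_main:
            findings[i.username] = "Main position is not in effect"
    return findings

# Constructed sample data, not exported from a real CzechIdM instance.
SAMPLE = [
    Identity("asmith", positions=[Position("Default", main=True)]),
    Identity("bjones", positions=[Position("Clerk", valid_till=date(2023, 12, 31), main=True)]),
    Identity("cnovak", positions=[Position("Analyst", inactive=True, main=True)]),
    Identity("dwhite", inactive=True, positions=[Position("Intern", valid_till=date(2023, 6, 30))]),
    Identity("eblack", positions=[Position("Lecturer", valid_till=date(2023, 8, 31), main=True),
                                  Position("Tutor", valid_from=date(2024, 1, 1))]),
]

if __name__ == "__main__":
    for user, finding in review(SAMPLE, date(2024, 3, 1)).items():
        print(f"{user}: {finding}")
```

The findings are review hints for an administrator, not a description of what the CzechIdM lifecycle processes do on their own.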

After you save the new contracted position definition, you can fill in several more attributes (EAV). Moreover, you can define the user's superordinates/managers via the tab Guarantees.
Manager – Managers/guarantees, i.e. other users (usually the user’s superordinates/managers), can be defined for every contracted position. Managers/guarantees also play a role in approval processes and other tasks.

On the user detail tab panel, there is also a tab called Accounts, as you can see in the screenshot below. This page shows all of the user's accounts on connected systems that CzechIdM has on record.