In identity management, an identity is a set of information that describes a real person. Some of this information, such as first name, last name, login or password, is crucial for many IT systems, which process it or use it, for example, for authentication or authorization. Identity management systems process identity data, transform it and use it to manage accounts on connected systems.
In CzechIdM, a user is represented by an entity called identity. Put simply, an identity is a user registered in CzechIdM together with all their attributes, e.g. first name, surname, phone number, etc. Representing an identity is a rather complex matter. To handle automatic identity lifecycle processes, CzechIdM introduces further entities whose attributes relate to an identity: Contracts, Roles and Tree nodes, which form Tree structures.
The relation of identities in CzechIdM with a company or organization is represented by an entity called contract. A contract can be imagined as:
A user can have many contracts. A contract is related to other objects in CzechIdM:
The identity life cycle is controlled by a state. The state is changed automatically by the system, for example when an identity is created or when a contract is added to or removed from the identity.
Identity states:
When an identity becomes valid (one of its contracts becomes valid) and the identity has an account on at least one target system, a new password is generated and set on all of the identity's accounts ⇒ the identity will have the same password on all accounts. A notification (see the acc:newPasswordAllSystems template) is sent to the identity about the new password and the accounts on which it was changed.
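
A minimal Python model of the rule above, added here as an illustration and not taken from CzechIdM's code: the class names, the `valid_from`/`valid_till` fields, the 16-character alphanumeric password and the `notify` callback are all assumptions. It shows that the password change fires only on the transition to valid, only when at least one account exists, and sets one CSPRNG-generated password on every account.

```python
import secrets
import string
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

ALPHABET = string.ascii_letters + string.digits  # assumed policy, not CzechIdM's

@dataclass
class Contract:
    valid_from: Optional[date] = None  # None means open-ended (assumption)
    valid_till: Optional[date] = None

    def is_valid(self, day: date) -> bool:
        return ((self.valid_from is None or self.valid_from <= day)
                and (self.valid_till is None or day <= self.valid_till))

@dataclass
class Identity:
    username: str
    contracts: list = field(default_factory=list)
    accounts: dict = field(default_factory=dict)  # target system -> password (model only)
    was_valid: bool = False  # validity seen at the previous evaluation

def evaluate(identity: Identity, day: date, notify) -> list:
    """Re-evaluate validity; return the systems whose password was changed."""
    now_valid = any(c.is_valid(day) for c in identity.contracts)
    became_valid = now_valid and not identity.was_valid
    identity.was_valid = now_valid
    # Act only on the invalid -> valid transition, and only if an account exists.
    if not (became_valid and identity.accounts):
        return []
    password = "".join(secrets.choice(ALPHABET) for _ in range(16))  # CSPRNG
    for system in identity.accounts:
        identity.accounts[system] = password  # same password on every account
    changed = sorted(identity.accounts)
    notify("acc:newPasswordAllSystems", identity.username, changed)
    return changed

def demo():
    """Constructed sample: contract starts 2024-03-01, accounts on two systems."""
    sent = []
    alice = Identity("alice", [Contract(date(2024, 3, 1))], {"ldap": "old1", "ad": "old2"})
    days = (date(2024, 2, 28), date(2024, 3, 1), date(2024, 3, 2))
    results = [evaluate(alice, d, lambda *a: sent.append(a)) for d in days]
    return results, sent, alice

if __name__ == "__main__":
    print(demo()[0])
```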