tutorial:adm:user-type

User type (projection) was added in CzechIdM version 10.2.0. Projection defines frontend form to read, create and edit user. We can create and edit user by different form. For example externe and internal employee can be created and edited differently (different attributes has to be filled). Used projection for user creation is set as user type.

New projection can be configured from agenda SettingForm definitionsForm projectionsAdd button.

We can configure new projection to introduce all features:

  • Code - Externe user. Projection simple name.
  • Module - we can leave it empty, core module is used by default.
  • Frontend target - we can leave it by default /form/identity-projection. This target leads to prepared product projection page on frontend. Only developer can register new target page.
  • Basic attributes - select User name, First name, Surname.
  • Form definitions - we need to prepare extended attributes form definition before to use then here, we will use this definitions and attributes as example:
    • default - IdmIdentity - default form definition for users, select attributes:
      • Mobile phone - text attribute
      • Reqistration - boolean attribute
    • default - default - IdmIdentityContract - default form definition for cntracts, select attributes:
      • Environment - codelist ith available environments
      • Manager - user select box
  • Description - Create and edit externe user. Description is shown in projection list (into about projection and for filter).
  • Inactive - inactive projection will not be available for creating new user.

We filled simple projection name as projection code. Projection name will be shown without localization. Read how to add localization
Authorization policies have to be configured to read and edit extended attributes by admin and user. Read how to configure authorization policies.
Attributes generated by system can be hidden. For example we not provide to set or change user password - we expect password will be generated after user will be provisioned on target system (one password will be set to all user account and for IdM too). Read how to set or change user password by product projection.

When new user is created (menu UsersCreate user button.), then newly created projection can be chosen:

Default form can be used too as default. Read how to hide this option by configuration, if needed.

User detail for create user by configuration above

We can create new user with all attributes are filled. We can choose roles, which will have to be assigned (requested) for created user. Used form (projection) is set as user type. After form is saved, the same form is shown and user can be edited if needed. The same form is used and shown as user detail.

User detail for edit user by configuration above

Default full detail

Default full detail can be shown for each user with projection usage. New button was added into user (and projection) detail header:

Button is available for all logged user without any additional permission is needed. Quick link to default full detail is available from top profile menu. Buttons on dashboard ane any other link to user detail will lead to projection form.

The same way is posible to go back to form by projection from full default detail. Button is in the same place with different direction.

User type (projection) can be changed from default full identity detail:

After user type is changed and user is saved, then button in detail header (see above) can be used for show user in form projection.

Authorization policies have to be configured to enable change user type.

If password attribute is added in projection personal data configuration, then:

  • New password can be filled fo newly created user,
  • link to change password is available for edited user.
Password change has to be enabled by configuration.
Authorization policies have to be configured to enable password change.

New roles can be requested for newly added user. If user is edited, then assigned roles are shown with button to change assigned roles by role request.

Identity roles are assigned asynchronously, so pending role requests are shown together with assigned roles. Assigned roles are refreshed automatically, when asynchronous role request is completed.

Authorization policies have to be configured to enable this feature.