User source integration
Sync your admin users from the external user source.
Overview
By default you create users in idemeum local directory by specifying email address or phone number. Then the user verifies the same email address or phone number in the mobile application and gets onboarded by scanning a QR-code.
Another option is to sync user records from the external user source (i.e. Entra ID), and these record will be used for user onboarding.
External directory
External user source allows you to leverage existing user database for user onboarding or RFID badge lookup.
Users do not need to be manually created in idemeum, and it is expected that external user source will have a mapping between corporate email address and personal user information for onboarding to work.
- To connect idemeum to external user source navigate to to
Users->User source - Then choose the source that you want to connect to from a dropdown list
- Authorize access and save the configuration
- Off-boarding frequency - with this configuration you can choose how often you want idemeum to check for off-boarded employees using local user source. Say user is deleted in HR system, and you set this interval to 4 hours. Every 4 hours idemeum will check for off-boarded user to remove access and de-provision applications.
- Proximity card onboarding attribute - the lookup attribute to be used with RFID badge onboarding.
Directory attributes
idemeum supports user attributes which can be used as expression for applications, for example you can use user attributes to combine users into groups.
Here is the general syntax for how to use user attributes - ${user.attribute-name}. In this example application will resolve the expression using user attribute named attribute-name value.
Local directory attributes
When you use local directory, you can use built-in attributes that are available out of the box.
| Attribute | Expression | Description |
|---|---|---|
| first_name | ${user.first_name} | User first name |
| last_name | ${user.last_name} | User last name |
| ${user.email} | User email address | |
| phone | ${user.phone} | User phone number |
| fully_qualified_did | ${user.fully_qualified_did} | User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad |
You can also custom attributes based on your needs. For instance, let's add custom attribute job_title so that we can leverage this attribute in user groups.
- Navigate to idemeum admin portal
- Access
Users->User source - Make sure you have local directory configured
- Expand
Advanced optionsand enter any custom attribute you want in theCustom attributessection. If you need to specify multiple attributes, you can use comma to separate attribute names.
Now you can leverage this attribute in the Groups section, and you can reference this attribute in provisioning and other areas as ${user.job_title}
External directory attributes
Today we support external attributes when Azure AD is leveraged as external user source. Here are the attributes supported for Azure AD today:
| Attribute | Expression | Description |
|---|---|---|
| first_name | ${user.first_name} | User first name |
| last_name | ${user.last_name} | User last name |
| ${user.email} | User email address | |
| phone | ${user.phone} | User phone number |
| fully_qualified_did | ${user.fully_qualified_did} | User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad |
| job_title | ${user.job_title} | User job title |
| department | ${user.department} | User department |