User source integration
Choose how you want to manage idemeum users: locally, or synced from an external user source.
Local directory
You can create user records manually in idemeum cloud directory.
- Navigate to Users -> User source and choose Local
- Once you save your configuration, you can navigate to the Users -> User Management section to start creating users
You can configure the following parameters:
- Off-boarding frequency - choose how often idemeum checks the local user source for off-boarded employees. Say you delete a user manually and set this interval to 4 hours. Every 4 hours idemeum will check for off-boarded users to remove access and de-provision applications.
- Email invites - choose to either send the invitation email automatically as soon as a user is added by an administrator, or send it manually through user actions on the user management tab.
- Custom attributes - define additional attributes that can be added to local users. You can list comma-separated attributes (e.g. job_title, country).
External directory
External user source allows you to leverage existing user database for user onboarding or RFID badge lookup.
Users do not need to be manually created in idemeum, and it is expected that external user source will have a mapping between corporate email address and personal user information for onboarding to work.
- To connect idemeum to an external user source, navigate to Users -> User source
- Then choose the source that you want to connect to from a dropdown list
- Authorize access and save the configuration
- Off-boarding frequency - choose how often idemeum checks the external user source for off-boarded employees. Say a user is deleted in the HR system and you set this interval to 4 hours. Every 4 hours idemeum will check for off-boarded users to remove access and de-provision applications.
- Proximity card onboarding attribute - the lookup attribute to be used with RFID badge onboarding.
Directory attributes
idemeum supports user attributes that can be used as expressions for applications. For example, you can use user attributes to combine users into groups.
Here is the general syntax for using user attributes: ${user.attribute-name}. In this example, the application resolves the expression to the value of the user attribute named attribute-name.
Local directory attributes
When you use local directory, you can use built-in attributes that are available out of the box.
Attribute | Expression | Description |
---|---|---|
first_name | ${user.first_name} | User first name |
last_name | ${user.last_name} | User last name |
email | ${user.email} | User email address |
phone | ${user.phone} | User phone number |
fully_qualified_did | ${user.fully_qualified_did} | User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad |
You can also add custom attributes based on your needs. For instance, let's add the custom attribute job_title so that we can leverage this attribute in user groups.
- Navigate to idemeum admin portal
- Access Users -> User source
- Make sure you have local directory configured
- Expand Advanced options and enter any custom attribute you want in the Custom attributes section. If you need to specify multiple attributes, separate the attribute names with commas.
Now you can leverage this attribute in the Groups section, and you can reference this attribute in provisioning and other areas as ${user.job_title}
External directory attributes
Today we support external attributes when Azure AD is leveraged as external user source. Here are the attributes supported for Azure AD today:
Attribute | Expression | Description |
---|---|---|
first_name | ${user.first_name} | User first name |
last_name | ${user.last_name} | User last name |
email | ${user.email} | User email address |
phone | ${user.phone} | User phone number |
fully_qualified_did | ${user.fully_qualified_did} | User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad |
job_title | ${user.job_title} | User job title |
department | ${user.department} | User department |
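
The following check is an added example, not idemeum code. It lints `${user.…}` expressions against the attribute tables above before they are used in groups or provisioning, so an expression never depends on an attribute the configured source does not define. The source labels (`local`, `azure_ad`), all function names, and the allowed attribute-name characters are assumptions.

```python
import re

# Built-in attributes per user source, taken from the tables on this page.
LOCAL_BUILTIN = {"first_name", "last_name", "email", "phone", "fully_qualified_did"}
AZURE_AD = LOCAL_BUILTIN | {"job_title", "department"}

# ${user.<name>}; the name character set is an assumption (letters, digits, "_", "-").
EXPR = re.compile(r"\$\{user\.([A-Za-z0-9_-]+)\}")


def parse_custom_attributes(raw):
    """Split the comma-separated 'Custom attributes' field into a set of names."""
    return {name.strip() for name in raw.split(",") if name.strip()}


def available_attributes(source, custom_raw=""):
    """Attributes that can be referenced for a given user source."""
    if source == "local":
        return LOCAL_BUILTIN | parse_custom_attributes(custom_raw)
    if source == "azure_ad":
        return set(AZURE_AD)
    raise ValueError(f"unknown user source: {source!r}")


def undefined_references(expression, source, custom_raw=""):
    """Return attribute names used in `expression` that the source does not define."""
    allowed = available_attributes(source, custom_raw)
    return sorted(set(EXPR.findall(expression)) - allowed)


def resolve(expression, user, source, custom_raw=""):
    """Substitute attribute values; refuse rather than leave a placeholder behind."""
    missing = set(undefined_references(expression, source, custom_raw))
    # An attribute that is defined but empty for this user is also unresolved.
    missing |= {n for n in EXPR.findall(expression) if not user.get(n)}
    if missing:
        raise KeyError(f"unresolved attributes: {sorted(missing)}")
    return EXPR.sub(lambda m: str(user[m.group(1)]), expression)


if __name__ == "__main__":
    # Constructed sample user record, not real data.
    sample = {"first_name": "Ada", "email": "ada@example.com", "job_title": "Engineer"}
    print(undefined_references("${user.job_title}", "local"))
    print(resolve("${user.job_title}", sample, "local", "job_title, country"))
```

Failing closed in `resolve` matters for group rules: a literal `${user.job_title}` left in place, or an empty value, should never be compared against a group condition.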