Skip to main content

User management

User source integration

Choose how you want to manage idemeum users - locally or sync from external user source

Local directory

💡
Local directory is enabled by default when you first create your idemeum cloud tenant.

You can create user records manually in idemeum cloud directory.

  • Navigate to Users -> User source and choose Local
  • Once you save your configuration. you can navigate to Users -> User Management section to start creating users

You can configure the following parameters:

  • Off-boarding frequency - with this configuration you can choose how often you want idemeum to check for off-boarded employees using local user source. Say you delete user manually, and set this interval to 4 hours. Every 4 hours idemeum will check for off-boarded user to remove access and de-provision applications.
  • Email invites - choose to either automatically send invitation email to users as soon as they are added by administrator or manually through user actions on user management tab.
  • Custom attributes - define additional attributes that can be added to local users. You can list comma-separated attributes (i.e. job_title, country, etc.)

External directory

External user source allows you to leverage existing user database for user onboarding or RFID badge lookup.

Users do not need to be manually created in idemeum, and it is expected that external user source will have a mapping between corporate email address and personal user information for onboarding to work.

  • To connect idemeum to external user source navigate to to Users -> User source
  • Then choose the source that you want to connect to from a dropdown list
  • Authorize access and save the configuration
  • Off-boarding frequency - with this configuration you can choose how often you want idemeum to check for off-boarded employees using local user source. Say user is deleted in HR system, and you set this interval to 4 hours. Every 4 hours idemeum will check for off-boarded user to remove access and de-provision applications.
  • Proximity card onboarding attribute - the lookup attribute to be used with RFID badge onboarding.

Directory attributes

idemeum supports user attributes which can be used as expression for applications, for example you can use user attributes to combine users into groups.

Here is the general syntax for how to use user attributes - ${user.attribute-name}. In this example application will resolve the expression using user attribute named attribute-name value.

Local directory attributes

When you use local directory, you can use built-in attributes that are available out of the box.

Attribute Expression Description
first_name ${user.first_name} User first name
last_name ${user.last_name} User last name
email ${user.email} User email address
phone ${user.phone} User phone number
fully_qualified_did ${user.fully_qualified_did} User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad

You can also custom attributes based on your needs. For instance, let's add custom attribute job_title so that we can leverage this attribute in user groups.

  • Navigate to idemeum admin portal
  • Access Users -> User source
  • Make sure you have local directory configured
  • Expand Advanced options and enter any custom attribute you want in the Custom attributes section. If you need to specify multiple attributes, you can use comma to separate attribute names.

Now you can leverage this attribute in the Groups section, and you can reference this attribute in provisioning and other areas as ${user.job_title}

External directory attributes

Today we support external attributes when Azure AD is leveraged as external user source. Here are the attributes supported for Azure AD today:

Attribute Expression Description
first_name ${user.first_name} User first name
last_name ${user.last_name} User last name
email ${user.email} User email address
phone ${user.phone} User phone number
fully_qualified_did ${user.fully_qualified_did} User unique identifier i.e. did:dvmi:a358000f-2843-4f02-b662-864491a7c9ad
job_title ${user.job_title} User job title
department ${user.department} User department