<- .:start | Documentation ^ .:start | Documentation ^ .:contracts | Contracts -> ====== Identities (users) ====== In identity management, identity is a set of information that describes a real person. Some of the information like First Name, Last Name, Login or Password is crucial for many IT systems, since they process them, or e.g. use them for authentication or authorization. Identity management systems process the data about identity, transform them and use them to manage accounts on connected systems. {{ :devel:documentation:identity.png?400 | Identity in identity management}} The representation of a user in the CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his or her attributes e.g. first name, surname, phone number, etc. Identity representation is a rather complex discipline. To be able to handle automatic identity lifecycle processes, CzechIdM uses other entities with attributes that have a relation to identity. Those are **[[.:contracts|Contracts]], [[.:roles|Roles]]** and **Tree nodes** forming **[[.:tree_structures| Tree strucures]]**. {{ :devel:adm:idm_entities.png?800 | Entities relations}} ===== Password ===== In CzechIdM, the user password is stored in the Bcrypt hash function. User can change password only when he or she has permission ''IDENTITY\_PASSWORDCHANGE'' for the given identity. The password contains also other metadata like "valid till", "valid from", "unsuccessful attempts", "block login date", "last successful login" etc. It is also possible to set flag **Password never expires**. This flag disables filling 'valid till'. 'Password never expires' and other attributes related to a password like 'valid till' can be set via agenda information about a password that is accessible through identity detail or password agenda. To update these attributes you will need permission ''PASSWORD\_UPDATE'' and ''PASSWORD\_READ''. ====== Read more ====== ===== Admin tutorials ===== * [[tutorial:adm:new_identity|Creating a new identity manually]] * [[tutorial:adm:how_to_identity_sync|Synchronizing identities from a source system - example]] ===== Admin guide ===== * [[.identities:adm:users|Identity life cycle (ILC)]] * [[.identities:adm:password|Password and identity]] * [[.identities:adm:identity_states|Identity states]] * [[.identities:adm:user_setting|User setting]] * [[.identities:adm:user-type]]