===== Configure and use new identity projection =====

{{tag> form projection}}

[[devel:documentation:identities:adm:user-type|User type (projection)]] was added in CzechIdM version 10.2.0. Projection defines frontend form to read, create and edit user. We can create and edit user by different form. For example externe and internal employee can be created and edited differently (different attributes has to be filled). Used projection for user creation is set as user type.

==== Projection agenda ====

New projection can be configured from agenda **Setting** -> **Form definitions** -> **Form projections** -> **Add** button.

{{ :devel:documentation:identities:adm:projection-list.png |}}

==== Add new projection ====

We can configure new projection to introduce all features:
  * Code - **Externe user**. Projection simple name.
  * Module - we can leave it empty, **core** module is used by default.
  * Frontend target - we can leave it by default **/form/identity-projection**. This target leads to prepared product projection page on frontend. Only developer can register new target page.
  * Basic user attributes - select  **User name**, **First name**, **Surname**, **Personal number**.
  * Basic contract attributes - select  **Work position**, **Valid from**, **Valid till**.
  * Basic attributes validation - configure validations for fields:
    * **Personal number** - required, minimum and maximum length **5** (~ 5 letters only)
    * **Valid till** - required, minimum contract validity **0** (~ current date), maximum contract validity 385 days (~ 13 monts in future). Sometimes it is demanded to avoid the possibility to set empty date for contract which means unlimited. Then it is advised to set validation of such attribute also as **required**.
  * Form definitions - we need to prepare extended attributes form definition before to use then here, we will use this definitions and attributes as example:
    * **default - IdmIdentity** - default form definition for users, select attributes:
      * **Mobile phone** - text attribute
      * **Reqistration** - boolean attribute
    * **default - default - IdmIdentityContract** - default form definition for contracts, select attributes:
      * **Environment** - codelist ith available environments
      * **Manager** - user select box
  * **Set direct guarantee for new contract** - Set currently logged user as direct guarantee for newly created contract
  * Description - **Create and edit externe user.** Description is shown in projection list (into about projection and for filter).
  * Inactive - inactive projection will not be available for creating new user.

{{ :tutorial:adm:projection-detail.png |}}

<note tip>We filled simple projection name as projection code. Projection name will be shown without localization. Read how to add [[devel:documentation:identities:adm:user-type#localization|localization]]</note>

<note tip>Authorization policies have to be configured to read and edit extended attributes by admin and user. Read how to configure [[devel:documentation:identities:adm:user-type#authorization_policies|authorization policies]].</note>

<note tip>Attributes generated by system can be hidden. For example we not provide to set or change user password - we expect password will be generated after user will be provisioned on target system (one password will be set to all user account and for IdM too). Read how to [[#set_or_change_user_password|set or change user password]] by product projection.</note>

<note tip>Configured basic field validations will be evaluated on every place in application for users in given user type (~ projection).</note>

==== Choose projection ====

When new user is created (menu **Users** -> **Create user** button.), then newly created projection can be chosen:

{{ :devel:documentation:identities:adm:projection-choose.png |}}

<note tip>Default form can be used too as default. Read how to hide this option by [[devel:documentation:identities:adm:user-type#available_configuration_properties|configuration]], if needed.</note>

=== User detail for create user by configuration above ====

{{ :tutorial:adm:projection-user-create.png |}}

We can create new user with all attributes are filled. We can choose roles, which will have to be assigned (requested) for created user. Used form (projection) is set as user type. After form is saved, the same form is shown and user can be edited if needed. The same form is used and shown as user detail.

=== User detail for edit user by configuration above ===

{{ :tutorial:adm:projection-user-edit.png |}}

=== Default full detail ===

Default full detail can be shown for each user with projection usage. New button was added into user (and projection) detail header:

{{ :devel:documentation:identities:adm:projection-default-detail.png |}}

Button is available for all logged user without any additional permission is needed. Quick link to default full detail is available from top profile menu. Buttons on dashboard ane any other link to user detail will lead to projection form.

The same way is posible to go back to form by projection from full default detail. Button is in the same place with different direction.

==== Change user type ====

User type (projection) can be changed from default full identity detail:

{{ :devel:documentation:identities:adm:projection-change.png |}}

After user type is changed and user is saved, then button in detail header (see above) can be used for show user in form projection.

<note tip>Authorization policies have to be [[devel:documentation:identities:adm:user-type#authorization_policies|configured]] to enable change user type.</note>

==== Set or change user password ====

If **password** attribute is added in projection personal data configuration, then:
  * New password can be filled fo newly created user,
  * link to change password is available for edited user.

<note tip>Password change has to be enabled by [[devel:documentation:identities:adm:user-type#available_configuration_properties|configuration]].</note>

<note tip>Authorization policies have to be [[devel:documentation:identities:adm:user-type#authorization_policies|configured]] to enable password change.</note>

==== Add or change user roles ====

New roles can be requested for newly added user. If user is edited, then assigned roles are shown with button to change assigned roles by role request.

Identity roles are assigned asynchronously, so pending role requests are shown together with assigned roles. Assigned roles are refreshed automatically, when asynchronous role request is completed.

<note tip>Authorization policies have to be [[devel:documentation:identities:adm:user-type#authorization_policies|configured]] to enable this feature.</note>


===== Admin guide =====
  * [[devel:documentation:identities:adm:user-type]]

===== Devel guide =====
  * [[devel:documentation:identities:dev:user-type]]