Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:identities [2019/06/25 08:48] tomiskar [Identity state] |
devel:documentation:identities [2020/03/22 20:48] poulm identity state moved to separate chapter and links corrected |
||
---|---|---|---|
Line 1: | Line 1: | ||
<- .:start | Documentation ^ .:start | Documentation ^ .:roles | Roles -> | <- .:start | Documentation ^ .:start | Documentation ^ .:roles | Roles -> | ||
====== Identities (users) ====== | ====== Identities (users) ====== | ||
- | In identity management | + | In identity management, identity is a set of information |
{{ : | {{ : | ||
- | The representation of a user in CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his attributes e.g. first name, surname, phone number, etc. The identity | + | The representation of a user in the CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his or her attributes e.g. first name, surname, phone number, etc. Identity |
{{ : | {{ : | ||
Line 11: | Line 11: | ||
===== Contracts ===== | ===== Contracts ===== | ||
- | The relation of identities in CzechIdM | + | The relation of identities in CzechIdM |
* **job contract** for work – employees | * **job contract** for work – employees | ||
* **study** – pupils/ | * **study** – pupils/ | ||
* **contract/ | * **contract/ | ||
* etc. | * etc. | ||
- | A user can have many contracts. A contract is in relation | + | A user can have multiple |
* **Identity** – described above | * **Identity** – described above | ||
* **Tree structure** – a contract can be added to a tree (organizational) structure, which effectively allows integrating the user into a hierarchical division in an organization. | * **Tree structure** – a contract can be added to a tree (organizational) structure, which effectively allows integrating the user into a hierarchical division in an organization. | ||
- | * **Roles** – roles in CzechIdM are assigned to contracts, i.e. a user gets roles through their contracts. Due to this, all manually created identities can (application option) | + | * **Roles** – roles in CzechIdM are assigned to contracts, i.e. a user gets roles through their contracts. Due to this, all manually created identities can have one automatically prepared contract called **Default**. |
- | <note important> | + | <note important> |
- | ===== Identity state ===== | ||
- | Identity life cycle is controlled by state. State is changed automatically by system - when identity is created, contract to identity is added or removed etc. | ||
- | Identity | + | ===== Identity |
- | * **created** - identity is enabled. State is assigned to newly created identity. | + | |
- | * **no contract** - identity is disabled. Identity doesn' | + | |
- | * **future contract** - identity is disabled. Identity has valid contract in the future, but not now. | + | |
- | * **valid** - identity is enabled. Identity has valid contract. | + | |
- | * **left** - identity is disabled. Identity has invalid contracts only. | + | |
- | * **excluded** (~disabled) - identity is exclued (disabled). Identity contracts are excluded (assigned roles are not removed, when identity is excluded). | + | |
- | * **disabled manually** - identity is disabled manually, e.g. by administrator / synchronization. Manually disabled identity can be enabled manually only again (assigned roles are not removed, when identity is disabled manually). | + | |
- | When identity starts to be valid (some of their contract starts to be valid) and identity has account at least on one target system, then new password is [[.architecture:dev: | + | Identity profile can be shown from the top menu - click on identity username, then select user setting. |
+ | |||
+ | Identity profile contains configurable properties: | ||
+ | * **Profile image** - user picture. | ||
+ | * **Prefered language** - localization | ||
+ | * **Default page size** - tables will show a given count of records by default. | ||
+ | * **Collapse side menu** - side menu will be collapsed, icons will be shown only. | ||
+ | * **Show system information** - show internal entity identifiers, | ||
+ | |||
+ | {{ :10.1: | ||
+ | |||
+ | All properties are saved right after input is changed. | ||
===== Password ===== | ===== Password ===== | ||
- | In CzechIdM | + | In CzechIdM, the user password |
Line 46: | Line 48: | ||
{{tag> | {{tag> | ||
- | On many projects, we encounter a source of data about users, employees or org. structures that work with so-called time slices. | + | On many projects, we encounter a source of data about users, employees or org. structures that use so-called time slices. |
- | **The basic idea** is that time slices are stored in a self-contained agenda. This agenda only contains time slices for identity contracts. If a given slice is currently valid, its values will be **copied into the linked identity contract**. **Every day** a scheduled task is performed, which calculates | + | **The basic idea** is that time slices are stored in a self-contained agenda. This agenda only contains time slices for identity contracts. If a given slice is currently valid, its values will be **copied into the linked identity contract**. **Every day**, a scheduled task is performed, which calculates |
- | <note important> | + | <note important> |
- | **More information** about contract time slices | + | **More information** about contract time slices can be found in the developer |
- | ==== Protection of the contract | + | ==== Protection of the validity |
{{tag> | {{tag> | ||
- | Sometimes there may be a situation where one of the time slices **ends** the contract, and at the same time there is a next time slice that **restarts** this contract. If there is no gap between termination and restart, then the contract will not terminate | + | Sometimes there may be a situation where one of the time slices **ends** the contract, and at the same time, there is a next time slice that **restarts** this contract. If there is no gap between termination and restart, then the contract will not be terminated |
- | However, in some situations (projects), it is required to use the **protection period** for which the contract will **not be terminated**, | + | However, in some situations (projects), it is required to use the **protection period** for which the contract will **not be terminated**, |
- | **More information** about this protection | + | **More information** about this protection can be found in the developer |
====== Read more ====== | ====== Read more ====== | ||
Line 73: | Line 75: | ||
* [[.identities: | * [[.identities: | ||
* [[.adm: | * [[.adm: | ||
- | * [[devel: | + | * [[.identities: |
+ | * [[.identities: | ||
===== Devel guide ===== | ===== Devel guide ===== | ||
- | * [[..: | + | * [[.identities: |
- | * [[..: | + | * [[.identities: |