Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:identities [2020/03/23 10:24] poulm contracts moved to separate chapter |
devel:documentation:identities [2020/03/26 09:50] (current) tomiskar [Admin guide] |
||
---|---|---|---|
Line 5: | Line 5: | ||
{{ : | {{ : | ||
- | The representation of a user in the CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his or her attributes e.g. first name, surname, phone number, etc. Identity representation is a rather complex discipline. To be able to handle automatic identity lifecycle processes, CzechIdM uses other entities with attributes that have a relation to identity. Those are **[[.:identities#contracts|Contracts]], | + | The representation of a user in the CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his or her attributes e.g. first name, surname, phone number, etc. Identity representation is a rather complex discipline. To be able to handle automatic identity lifecycle processes, CzechIdM uses other entities with attributes that have a relation to identity. Those are **[[.: |
{{ : | {{ : | ||
Line 13: | Line 13: | ||
In CzechIdM, the user password is stored in the Bcrypt hash function. User can change password only when he or she has permission '' | In CzechIdM, the user password is stored in the Bcrypt hash function. User can change password only when he or she has permission '' | ||
- | |||
- | ====== Time slices of contracts ====== | ||
- | {{tag> | ||
- | |||
- | On many projects, we encounter a source of data about users, employees or org. structures that use so-called time slices. Slice is essentially a snapshot of a contract in a given period of time. To simplify working with time slices, an agenda of the contract' | ||
- | |||
- | **The basic idea** is that time slices are stored in a self-contained agenda. This agenda only contains time slices for identity contracts. If a given slice is currently valid, its values will be **copied into the linked identity contract**. **Every day**, a scheduled task is performed, which calculates which slice is valid. Such a slice becomes currently used as a contract (its values are copied into the contract). | ||
- | |||
- | <note important> | ||
- | |||
- | **More information** about contract time slices can be found in the developer guide [[..: | ||
- | |||
- | ==== Protection of the validity of the contract ==== | ||
- | {{tag> | ||
- | |||
- | Sometimes there may be a situation where one of the time slices **ends** the contract, and at the same time, there is a next time slice that **restarts** this contract. If there is no gap between termination and restart, then the contract will not be terminated (no accounts will be deleted). If the dates do not follow, then (by default) the contract will be **terminated** and all connected **accounts will be removed** from the target systems. | ||
- | |||
- | However, in some situations (projects), it is required to use the **protection period** for which the contract will **not be terminated**, | ||
- | |||
- | **More information** about this protection can be found in the developer guide [[..: | ||
====== Read more ====== | ====== Read more ====== | ||
Line 38: | Line 18: | ||
* [[tutorial: | * [[tutorial: | ||
* [[tutorial: | * [[tutorial: | ||
- | * [[tutorial: | ||
- | * [[tutorial: | ||
===== Admin guide ===== | ===== Admin guide ===== | ||
* [[.identities: | * [[.identities: | ||
- | * [[.adm: | ||
* [[.identities: | * [[.identities: | ||
* [[.identities: | * [[.identities: | ||
* [[.identities: | * [[.identities: | ||
+ | * [[.identities: | ||
- | ===== Devel guide ===== | ||
- | * [[.identities: | ||
- | * [[.identities: |