|
2 | 2 |
|
3 | 3 | This guide walks you through the process of managing a user account. An owner or an administrator can manage user accounts. |
4 | 4 |
|
5 | | -## Onboard users |
6 | | - |
7 | | -There are three ways to onboard a user: |
8 | | - |
9 | | -- The user can self-register via the My Account portal or the login page of an application if self-registration is enabled in the organization. Learn how to [configure self-registration]({{base_path}}/guides/user-accounts/configure-self-registration/). |
10 | | -- An administrator can onboard users from an on-premise user store by [connecting a remote user store to {{ product_name }}]({{base_path}}/guides/users/user-stores/configure-a-user-store/). |
11 | | - |
12 | | - !!! note |
13 | | - If the remote user store access type is read-only, you cannot update the user profiles of users onboarded from this read-only user store. |
14 | | - |
15 | | -- An administrator can onboard users from the {{ product_name }} Console. |
16 | | - |
17 | | -Let's look at how administrators can onboard users from the {{ product_name }} Console. |
18 | | - |
19 | | -### Onboard a single user |
20 | | - |
21 | | -1. On the {{ product_name }} Console, go to **User Management** > **Users**. |
22 | | -2. Click **Add User** > **Single User** and provide the following details: |
23 | | - |
24 | | - {: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} |
25 | | - |
26 | | - - **Email (Username):** A unique email address to identify the user. |
27 | | - - **First Name:** First name of the user. You can add/change this later. |
28 | | - - **Last Name:** Last name of the user. You can add/change this later. |
29 | | - |
30 | | - !!! note |
31 | | - You can include additional user details such as phone number, address, and other custom attributes when onboarding a user. This is done via |
32 | | - [attribute configurations]({{base_path}}/guides/users/attributes/manage-attributes/#configure-attributes). |
33 | | - |
34 | | - !!! note |
35 | | - |
36 | | - - A username is always unique to the organization and you can't change the username once it is created. |
37 | | - - Instead of using the email as the username, you can [configure the username]({{base_path}}/guides/user-accounts/account-login/username-validation/) to be an alphanumeric. Then, you will be asked to enter an alphanumeric username between the configured minimum and maximum lengths. |
38 | | - - The existing users who have already registered with their email address as the username can continue to use it to access applications, instead of having to create a new username. |
39 | | - |
40 | | -3. You can either request the user to set the password or set one on the user's behalf. |
41 | | - |
42 | | - - **Invite user to set their own password:** |
43 | | - |
44 | | - - **Invite via email:** If this option is selected, an email with a confirmation link will be sent to the provided email (username). The user can use the confirmation link to set up a new password. |
45 | | - |
46 | | - - **Invite offline:** If this option is selected, the administrator will receive an invite link at the end of user registration. This link can be shared with the user. |
47 | | - |
48 | | - - **Set a password for the user:** |
49 | | - If this option is selected, the administrator can set a password for the user. The user can change this password from the [My Account Portal]({{base_path}}/guides/user-self-service/customer-self-service-portal/). |
50 | | - |
51 | | -4. Add the user to a group in the next step. You will not see this option if you haven't created any groups in {{ product_name }}. |
52 | | -5. Click **Finish**. |
53 | | - |
54 | | - !!! note |
55 | | - If you have selected **Invite offline** or decided to **set a password for the user**, you can copy the corresponding information at the **Summary** page of the wizard and share with the user. |
56 | | - |
57 | | -### Onboard multiple users |
58 | | - |
59 | | -In addition to adding a single user, you can onboard multiple users at once, either manually or by using a CSV file. This is especially useful for large organizations that seek efficiency. |
60 | | - |
61 | | - |
62 | | - |
63 | | -!!! note |
64 | | - Importing multiple users is only supported for the Asgardeo-provided **DEFAULT** user store. |
65 | | - |
66 | | -#### Add multiple users manually |
67 | | - |
68 | | -1. On the Asgardeo Console, go to **User Management** > **Users**. |
69 | | -2. Click **Add User** > **Multiple Users**. |
70 | | -3. Switch to the **Manual** tab. |
71 | | -4. Enter the email addresses of the users you want to invite. Press **Enter** after each email to add it to the list. |
72 | | -5. Under Groups, select the group(s) from the dropdown to which users will be added during the import. |
73 | | -6. Click **Add** to send out the invitations. |
74 | | - |
75 | | -An email with a confirmation link will be sent to the provided email addresses, allowing the users to set their own passwords. |
76 | | - |
77 | | -#### Add multiple users using a CSV file |
78 | | - |
79 | | -1. On the Asgardeo Console, go to **User Management** > **Users**. |
80 | | -2. Click **Add User** > **Multiple Users**. |
81 | | -3. Switch to the **File Based** tab. |
82 | | -4. Click **Upload CSV File** or drag and drop a CSV file into the designated area. |
83 | | -5. Ensure your CSV file is formatted correctly, with headers that correspond to user attributes. These attributes must be mapped to local attributes. |
84 | | - |
85 | | - - A sample CSV file format would include: `username, givenname, emailaddress, groups` |
86 | | - |
87 | | - - For example: |
88 | | - |
89 | | - ``` |
90 | | - username,givenname,emailaddress,groups |
91 | | - user1,john,[email protected],group1|group2 |
92 | | - user2,jake,[email protected],group2 |
93 | | - user3,jane,[email protected],group1 |
94 | | - ``` |
95 | | -
|
96 | | -6. Click **Import** to add the users to the system. |
97 | | -7. An email with a confirmation link will be sent to the provided email addresses, allowing the users to set their own passwords. |
98 | | -
|
99 | 5 | ## Assign groups |
100 | 6 | A user can be assigned to different [groups]({{base_path}}/guides/users/manage-groups/) in the organization. Groups can be used to restrict the user's access to resources. |
101 | 7 |
|
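Review bot: Inbound links to the anchors under `## Onboard users` (`### Onboard a single user`, `### Onboard multiple users` and its two `####` subsections) will break once these headings are removed, and nothing in the visible diff shows where the content goes. Please confirm the destination page is part of the same change, or leave a one-line pointer under the intro paragraph, and update any cross-references to these anchors. If the text is being moved rather than deleted, the multiple-users steps hard-code "Asgardeo Console" and "Asgardeo-provided **DEFAULT** user store" while the single-user steps use `{{ product_name }}`; align them in the new location.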
@@ -401,183 +307,4 @@ To filter users by account status: |
401 | 307 | - **Pending email verification**: Filters users who haven't yet verified their primary email addresses. |
402 | 308 | - **Pending mobile verification**: Filters users who haven't yet verified their primary mobile numbers. |
403 | 309 |
|
404 | | - {: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} |
405 | | -
|
406 | | -## Add users with email verification |
407 | | -
|
408 | | -1: Enable email verification |
409 | | -
|
410 | | -!!! abstract "" |
411 | | -
|
412 | | - curl -X 'PATCH' \ |
413 | | - 'https://api.asgardeo.io/t/<org_name>/api/server/v1/identity-governance/VXNlciBPbmJvYXJkaW5n/connectors/dXNlci1lbWFpbC12ZXJpZmljYXRpb24' \ |
414 | | - -H 'Authorization: Bearer <access_token>' \ |
415 | | - -H 'Content-Type: application/json' \ |
416 | | - -d '{ |
417 | | - "operation": "UPDATE", |
418 | | - "properties": [ |
419 | | - { |
420 | | - "name": "EmailVerification.Enable", |
421 | | - "value": true |
422 | | - } |
423 | | - ] |
424 | | - }' |
425 | | -
|
426 | | -2: Configure email verification method (Optional). Enable this to send OTP via email. |
427 | | -
|
428 | | -!!! abstract "" |
429 | | -
|
430 | | - curl -X 'PATCH' \ |
431 | | - 'https://api.asgardeo.io/t/<org_name>/api/server/v1/identity-governance/VXNlciBPbmJvYXJkaW5n/connectors/dXNlci1lbWFpbC12ZXJpZmljYXRpb24' \ |
432 | | - -H 'Authorization: Bearer <access_token>' \ |
433 | | - -H 'Content-Type: application/json' \ |
434 | | - -d '{ |
435 | | - "operation": "UPDATE", |
436 | | - "properties": [ |
437 | | - { |
438 | | - "name": "EmailVerification.OTP", |
439 | | - "value": true |
440 | | - } |
441 | | - ] |
442 | | - }' |
443 | | -
|
444 | | -3: Create user with email verification required |
445 | | -
|
446 | | -!!! abstract "" |
447 | | -
|
448 | | - === "Request format" |
449 | | -
|
450 | | - ```curl |
451 | | - curl -X 'POST' \ |
452 | | - 'https://api.asgardeo.io/t/<org_name>/scim2/Users' \ |
453 | | - -H 'Authorization: Bearer <access_token>' \ |
454 | | - -H 'Content-Type: application/json' \ |
455 | | - -d '{ |
456 | | - "userName": "<USERNAME>", |
457 | | - "emails": [ |
458 | | - { |
459 | | - "primary": true, |
460 | | - "value": "<EMAIL>" |
461 | | - } |
462 | | - ], |
463 | | - "password": "<PASSWORD>", |
464 | | - "urn:scim:wso2:schema": { |
465 | | - "verifyEmail": "true" |
466 | | - } |
467 | | - }' |
468 | | - ``` |
469 | | - === "Sample request" |
470 | | -
|
471 | | - ``` |
472 | | - curl -X 'POST' \ |
473 | | - 'https://api.asgardeo.io/t/<org_name>/scim2/Users' \ |
474 | | - -H 'Authorization: Bearer <access_token>' \ |
475 | | - -H 'Content-Type: application/json' \ |
476 | | - -d '{ |
477 | | - "userName": "DEFAULT/bob", |
478 | | - "emails": [ |
479 | | - { |
480 | | - "primary": true, |
481 | | - |
482 | | - } |
483 | | - ], |
484 | | - "password": "P@ssw0rd", |
485 | | - "urn:scim:wso2:schema": { |
486 | | - "verifyEmail": "true" |
487 | | - } |
488 | | - }' |
489 | | - ``` |
490 | | -
|
491 | | - --- |
492 | | - **Response** |
493 | | - ``` |
494 | | - "HTTP/1.1 201 Created" |
495 | | - ``` |
496 | | -
|
497 | | -4: Resend email verification code (Optional) |
498 | | -
|
499 | | -!!! abstract "" |
500 | | -
|
501 | | - === "Request format" |
502 | | -
|
503 | | - ```curl |
504 | | - curl -X 'POST' \ |
505 | | - 'https://api.asgardeo.io/t/<org_name>/api/identity/user/v1.0/resend-code' \ |
506 | | - -H 'accept: application/json' \ |
507 | | - -H 'Authorization: Bearer <access_token>' \ |
508 | | - -H 'Content-Type: application/json' \ |
509 | | - -d '{ |
510 | | - "user": { |
511 | | - "username": "<username>", |
512 | | - "realm": "DEFAULT" |
513 | | - }, |
514 | | - "properties": [ |
515 | | - { |
516 | | - "key": "RecoveryScenario", |
517 | | - "value": "EMAIL_VERIFICATION_OTP" |
518 | | - } |
519 | | - ] |
520 | | - }' |
521 | | - ``` |
522 | | - === "Sample request" |
523 | | -
|
524 | | - ``` |
525 | | - curl -X 'POST' \ |
526 | | - 'https://api.asgardeo.io/t/<org_name>/api/identity/user/v1.0/resend-code' \ |
527 | | - -H 'accept: application/json' \ |
528 | | - -H 'Authorization: Bearer <access_token>' \ |
529 | | - -H 'Content-Type: application/json' \ |
530 | | - -d '{ |
531 | | - "user": { |
532 | | - |
533 | | - "realm": "DEFAULT" |
534 | | - }, |
535 | | - "properties": [ |
536 | | - { |
537 | | - "key": "RecoveryScenario", |
538 | | - "value": "EMAIL_VERIFICATION_OTP" |
539 | | - } |
540 | | - ] |
541 | | - }' |
542 | | - ``` |
543 | | -
|
544 | | - --- |
545 | | - **Response** |
546 | | - ``` |
547 | | - "HTTP/1.1 201 Created" |
548 | | - ``` |
549 | | -
|
550 | | -5: Confirm email or validate OTP (One-Time Password) |
551 | | -
|
552 | | -You can verify the email using the confirmation link, or enter the OTP using the following API. |
553 | | -
|
554 | | -!!! abstract "" |
555 | | -
|
556 | | - === "Request format" |
557 | | -
|
558 | | - ```curl |
559 | | - curl -X 'POST' \ |
560 | | - 'https://api.asgardeo.io/t/<org_name>/api/identity/user/v1.0/validate-code' \ |
561 | | - -H 'Authorization: Bearer <access_token>' \ |
562 | | - -H 'Content-Type: application/json' \ |
563 | | - -d '{ |
564 | | - "code": "<CODE>" |
565 | | - }' |
566 | | - ``` |
567 | | - === "Sample request" |
568 | | -
|
569 | | - ``` |
570 | | - curl -X 'POST' \ |
571 | | - 'https://api.asgardeo.io/t/<org_name>/api/identity/user/v1.0/validate-code' \ |
572 | | - -H 'Authorization: Bearer <access_token>' \ |
573 | | - -H 'Content-Type: application/json' \ |
574 | | - -d '{ |
575 | | - "code": "c1KLdm" |
576 | | - }' |
577 | | - ``` |
578 | | - |
579 | | - --- |
580 | | - **Response** |
581 | | - ``` |
582 | | - "HTTP/1.1 202 Accepted" |
583 | | - ``` |
| 310 | + {: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} |
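Review bot: The sample request in step 3 of the removed "Add users with email verification" section carries a literal `"password": "P@ssw0rd"`; if this section is being relocated rather than dropped, replace it with the `<PASSWORD>` placeholder that the request-format tab already uses, so readers do not paste a published value into a real organization. In the same pass, the request-format fences are tagged `curl` while the sample-request fences carry no tag, and the steps are written as plain "1:" to "5:" lines rather than headings or a numbered list; make both consistent. The removed and added `![Filter users based on account status]` lines read identically here, so the difference is presumably whitespace or the end-of-file newline; please confirm that is the only intended change on that line.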