Configure Domain User Systems
Define the types of Domain Users and their permissions. Enable organisations to add their users and delegate chosen parts of responsibilities to other employees.
For more explanation on how to successfully model an ecosystem/federation to fully reflect its needs and requirements, see the Modeling Ecosystems article.
Prerequisites
Get an Access Token with the `directory:website` scope, if you want to create or manage types of technical users using Connect's APIs.
Add Domain User System
- Select Reference Data > Domain Users Settings > New Domain User System.
- Fill in the fields defining the domain user system and save.

| Field Name | Field description | Example |
| --- | --- | --- |
| System Name | Enter the domain user system name | Sandbox Users |
| System Description | Description of the domain user system | Users Managing Sandbox Environment |
Add Domain User Type
- From the list, select a user system and the + icon to add a domain user type.
- Fill in the fields defining the technical user type and select Next.

| Field Name | Field description | Example |
| --- | --- | --- |
| User Type Name | Name of the user type | Primary User |
| User Type Description | Description of the user type | Primary users manage sandbox environment |
| Linked Parent Role | Linked parent role if available | n/a |

- Enable/disable the Directory Access checkbox to control whether the user has access to directory resources.
  If disabled, no additional permissions are available for configuration.
  Adding users without directory access is useful when you want them to have access scopes for other platforms that leverage the directory's SSO functionality, even though they may not have any direct function in the directory itself.
- Enable the checkboxes for the permissions you wish the user type to have.
  For reference, see the User Type Access Levels and Available User Type Permissions sections.
- Enable the Receive Email Notifications checkbox if needed.
  The Receive Email Notifications setting defines whether the user will receive email notifications about any update to the organisation's resources and configuration, for example, when a new organisation administrator is added.
- Save.
User Type Access Levels
- Admin level access - the user has the ability to view and modify all resources available within the platform.
  When selecting an administrator-level permission, the user has the write access permission to all resources, not just those associated with their bound roles.
- Write level access - grants the ability to view and modify the selected resource
- Read level access - grants the ability to view but not modify the selected resource
- None - the user can neither view nor modify the selected resource
Available User Type Permissions
Available permissions:
- Software Statements Access: Users can view and/or edit resources related to Applications and Software Statement Assertions (SSA). For example, the user can register a new application and request a software statement assertion.
- Domain User Access: Users can view and/or manage Platform Users within their organisation.
- Organisation Certificates Access: Users can view and/or manage the certificates issued for their organisation, including requesting new certificates.
- Organisation Contacts Access: Users can view and/or edit their organisation's contact addresses.
- Authorisation Server Access: Users can view and/or manage the authorisation servers registered for an organisation, including publishing API resources within the platform.
Manage Domain User Systems Using APIs
Raidiam Connect allows organisations to integrate with the following APIs for Authorisation Domain User System and Type Management:
- User System:
  - Update Authorisation Domain User System - includes the possibility to disable the user system by setting its `status` to `inactive`
- User Type:
  - Create Reference Data for New Authorisation Domain User Type
  - Update Authorisation Domain User Type - includes the possibility to disable the user type by setting its `status` to `inactive`