User Management Profile
The User Management profile is concerned with managing user accounts and the resources associated with them, such as devices and delegations. For example, it might be desirable to let users manage their own account via a self-service portal, or to let an administrator manage user accounts and the permissions they have. As the User Management profile is linked to the Token profile, administrators are able to manage the delegations associated with a user profile, including revoking delegations (and consequently, tokens) owned by users.
The User Management profile abstracts the data sources and places a SCIM 2.0 API as the access layer on top. This enables the system to keep the user information in many places and use the Profile Service as an umbrella access layer.
The profile also provides a GraphQL API for managing user accounts, exposed on a sibling endpoint to the SCIM API. The two APIs can be deployed independently but serve data from the same configured data source.
OAuth Protected
The endpoints of the User Management Service are protected with OAuth access tokens. For this purpose the profile is connected to an OAuth profile in the configuration. Each access token is validated against the token-issuers configured for the OAuth profile. To make a request as shown in the examples, a valid access token must be presented in the Authorization header.
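The following is an added example, not taken from the product documentation: a client-side helper that builds a SCIM 2.0 user lookup carrying the access token in the Authorization header, refuses to send the token over a non-TLS URL, and quotes the filter value so that user-supplied input cannot change the filter. The base URL, the token value, and the function names are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Assumption: placeholder base URL. The real path depends on how the
# User Management profile's endpoints are deployed.
SCIM_BASE = "https://idsvr.example.com/um/admin"


def scim_string(value: str) -> str:
    """Quote a value for a SCIM filter. RFC 7644 section 3.4.2.2 requires
    string literals in filters to be valid JSON strings."""
    return json.dumps(value)


def build_user_lookup(base_url: str, access_token: str,
                      user_name: str) -> urllib.request.Request:
    """Build (without sending) a SCIM 2.0 GET /Users request filtered by userName."""
    parts = urllib.parse.urlsplit(base_url)
    # A bearer token is usable by anyone who sees it, so never send it in clear text.
    if parts.scheme != "https":
        raise ValueError("access tokens must only be sent over TLS")
    # Reject values that would corrupt the header line.
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")

    # The value is JSON-quoted first, then URL-encoded as a query parameter.
    scim_filter = f"userName eq {scim_string(user_name)}"
    query = urllib.parse.urlencode({"filter": scim_filter})
    url = f"{base_url.rstrip('/')}/Users?{query}"

    return urllib.request.Request(url, method="GET", headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/scim+json",
    })


if __name__ == "__main__":
    # Constructed sample values; the token is not a real credential.
    req = build_user_lookup(SCIM_BASE, "constructed-token", "alice")
    print(req.get_method(), req.full_url)
    print("Authorization:", req.get_header("Authorization"))
```

The request is only constructed here; passing it to `urllib.request.urlopen` would send it to the configured endpoint.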
User Management Concepts
The links below provide further details about the key concepts of the User Management profile:
Configuration
Create and configure a User Management Profile.
SCIM 2.0
Manage user profiles and associated resources using the SCIM 2.0 API.
GraphQL
Manage user profiles and associated resources using the GraphQL API.
Learn by Use Case
The Curity website provides many learning resources where you can learn more about user management, API access and frontends for user administration:
Curity Online Training
The best way to learn about user management is to create users, work with user attributes and return user data to APIs and applications in tokens. The Administrator Training Courses walk you through the process of exposing APIs, using Authorization Managers to control access, granting employees access to the DevOps Dashboard, and creating users with custom attributes.