The User Management service is concerned with managing user profiles and the resources associated with them, such as devices and delegations. For example, it might be desirable to let users manage their own account via a protected user interface, or for an administrator to be able to manage user accounts, and what permissions they have. As the User Management Service is connected to the Security Token Service, administrators are able to manage the delegations associated with a user profile, including revoking delegations (and consequently, tokens) owned by users.

The User Management Service abstracts the data sources and places a SCIM 2.0 API as the access layer on top. This enables the system to keep the user information in many places and use the Profile Service as an umbrella access layer.


Fig. 171 User Management with SCIM 2.0 connected to LDAP, SQL, REST and another SCIM service

It also exposes a GraphQL API to manage User Accounts which is exposed on a sibling endpoint to the SCIM API. These can be deployed independently but serve data from the same configured data source.