Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 4 Next »

Manage users in yuuvis® Momentum and in Keycloak via the Tenant Management API.

Table of Contents

Introduction

The Tenant Management API provided by the TENANT-MANAGEMENT service offers endpoints for user management via Keycloak. In order to scale the identity management, the KEYCLOAK-PROXY service can be used for the connection of multiple Keycloak instances. The endpoints of the Tenant Management API are called by the MANAGEMENT-CONSOLEMANAGEMENT-CONSOLE-CLIENT and ARCHITECT services.

This article describes the handling and representation formats of data for individual user accounts as retrieved and expected by the Tenant Management Endpoints.

User Management Endpoints

All endpoints for user management via the Tenant Management API are available via the Swagger UI https://<host>/tenant-management/swagger-ui.html. Some of them require an administrative role.

API SectionRequired User RoleAvailable User Management Endpoints
system-controller endpointsYUUVIS_SYSTEM_INTEGRATOR

GET /tenant-management/api/system/tenants/{tenant}/users/count

Retrieves the number of all users of the specified tenant



GET /tenant-management/api/system/tenants/{tenant}/users

Retrieves a list of all users of the specified tenant. As 2021 Autumn, the list can be filtered by applying query parameters.



POST /tenant-management/api/system/tenants/{tenant}/users

Creates a new user with the given properties for the specified tenant.



GET /tenant-management/api/system/tenants/{tenant}/users/{id}

Retrieves the data of the user specified by tenant and id.



PUT /tenant-management/api/system/tenants/{tenant}/users/{id}

Update the data of the user specified by tenant and id.



DELETE /tenant-management/api/system/tenants/{tenant}/users/{id}

Deletes the user specified by id of the specified tenant.





User Account Properties

The following properties for user accounts can be managed via the Tenant Management API.

PropertyTypein Creation Requestsin Update Requestsin Response BodiesDescription
idstringignoredrequiredincludedThe ID of the user for identification in the identity management system and in yuuvis® Momentum.
emailstringrequired if invitation via email is desiredoptionalincluded if availableThe e-mail address of the user.
firstNamestringoptionaloptionalincluded if availableThe first name of the user.
lastNamestringoptionaloptionalincluded if availableThe last name of the user.
roleslist of string role namesoptionalpartly removed if not specified (question)included if availableA list of roles defined in the identity management system that are assigned to the user.
groupslist of string group namesoptionalremoved if not specified (question)included if availableA list of groups defined in the identity management system in which the assigned user is a member.
usernamestringrequiredoptionalincludedThe username of the user.
enabledbooleanoptional, default: trueoptionalincludedSpecifies whether the user is allowed to log in (true) or not (false).
createdTimestamp(question)ignoredignoredincluded(question)

User Account Data Sets

For each user account represented in a request or response body, its properties are specified in JSON format. The order of the individual properties within one data set is arbitrary.

The following code block shows an example for a result list including the data sets of several user accounts. Such result list could be retrieved, e.g., by the endpoint GET /tenant-management/api/idm/users.

[
  {
    "id": "406b5a28-7a8b-4c36-a569-df7bff480375",
    "firstName": "Heinrich",
    "lastName": "Schuetzel",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "YUUVIS_TENANT_ADMIN",
      "HR_MANAGER",
      "YUUVIS_CREATE_OBJECT",
      "YUUVIS_MANAGE_SETTINGS"
    ],
    "username": "newuser5",
    "enabled": true,
    "createdTimestamp": 1622122631393
  },
  {
    "id": "320c67d0-b88b-4e99-852a-b938f4b38cd7",
    "email": "kammer@segelreisen.de",
    "firstName": "Hannes",
    "lastName": "Kammer",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "YUUVIS_TENANT_ADMIN",
      "YUUVIS_CREATE_OBJECT",
      "YUUVIS_MANAGE_SETTINGS",
      "YUUVIS_AI_PIPELINE",
      "COMPLIANCE_MANAGER",
      "YUUVIS_AI_PREDICT"
    ],
    "groups": [
      "onlyoffice"
    ],
    "username": "kammer",
    "enabled": true,
    "createdTimestamp": 1591957723730
  },
  {
    "id": "a6f5e1aa-ff42-4140-b9ec-5de4cc61f1a9",
    "email": "schwimmer@segelreisen.de",
    "firstName": "Klaus",
    "lastName": "Schwimmer",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "INVOICE_MANAGER",
      "YUUVIS_TENANT_ADMIN",
      "HR_MANAGER",
      "YUUVIS_AIINVOICE",
      "EMAIL_WITHOUT_ACL",
      "QA_MEMBER_AREA2",
      "uma_authorization",
      "YUUVIS_CREATE_OBJECT",
      "TEAMS_MANAGER",
      "PHOTOARCHIVE_MANAGER",
      "YUUVIS_MANAGE_SETTINGS",
      "QA_MANAGER",
      "ACL_ALL_USERS",
      "YUUVIS_AI_PIPELINE",
      "QA_MEMBER_AREA1",
      "COMPLIANCE_MANAGER",
      "YUUVIS_AI_PREDICT",
      "offline_access"
    ],
    "username": "klaus",
    "enabled": true,
    "createdTimestamp": 1606820894094
  }
]

Summary

Read on

Another Tutorial

Brief summary of the article linked.

Another Concept Article

Brief summary of the article linked.

Another interesting Tutorial

Brief summary of the article linked.







  • No labels