Manage users in yuuvis® Momentum and in Keycloak via the Tenant Management API.
The Tenant Management API provided by the TENANT-MANAGEMENT service offers endpoints for user management via Keycloak. To scale identity management, the KEYCLOAK-PROXY service can be used to connect multiple Keycloak instances. The endpoints of the Tenant Management API are called by the MANAGEMENT-CONSOLE, MANAGEMENT-CONSOLE-CLIENT and ARCHITECT services.
This article describes the handling and representation formats of data for individual user accounts as retrieved and expected by the Tenant Management Endpoints.
All endpoints for user management via the Tenant Management API are available via the Swagger UI at https://<host>/tenant-management/swagger-ui.html. Some of them require an administrative role.
API Section | Required User Role | Available User Management Endpoints |
---|---|---|
system-controller endpoints | YUUVIS_SYSTEM_INTEGRATOR | GET /tenant-management/api/system/tenants/{tenant}/users |
system-controller endpoints | YUUVIS_SYSTEM_INTEGRATOR | POST /tenant-management/api/system/tenants/{tenant}/users |
system-controller endpoints | YUUVIS_SYSTEM_INTEGRATOR | GET /tenant-management/api/system/tenants/{tenant}/users/{id} |
system-controller endpoints | YUUVIS_SYSTEM_INTEGRATOR | PUT /tenant-management/api/system/tenants/{tenant}/users/{id} |
system-controller endpoints | YUUVIS_SYSTEM_INTEGRATOR | DELETE /tenant-management/api/system/tenants/{tenant}/users/{id} |
The following properties for user accounts can be managed via the Tenant Management API.
Property | Type | in Creation Requests | in Update Requests | in Response Bodies | Description |
---|---|---|---|---|---|
id | string | ignored | required | included | The ID of the user for identification in the identity management system and in yuuvis® Momentum. |
email | string | required if invitation via email is desired | optional | included if available | The e-mail address of the user. |
firstName | string | optional | optional | included if available | The first name of the user. |
lastName | string | optional | optional | included if available | The last name of the user. |
roles | list of string role names | optional | partly removed if not specified | included if available | A list of roles defined in the identity management system that are assigned to the user. |
groups | list of string group names | optional | removed if not specified | included if available | A list of groups defined in the identity management system of which the user is a member. |
username | string | required | optional | included | The username of the user. |
enabled | boolean | optional, default: true | optional | included | Specifies whether the user is allowed to log in (true) or not (false). |
createdTimestamp | | ignored | ignored | included | |
For each user account represented in a request or response body, its properties are specified in JSON format. The order of the individual properties within one data set is arbitrary.
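According to the table above, an update request that leaves out `roles` or `groups` removes assignments, so a client that sends only the changed field silently alters the account's privileges. The following is an added example, not code from the yuuvis® Momentum project: it builds creation and update bodies that follow the table's rules and reports which roles or groups a given PUT body would drop. The function names and the sample account are assumptions made for illustration.

```python
# Added example; function names are hypothetical, not part of the yuuvis API.
LIST_PROPS = ("roles", "groups")      # dropped (roles: partly) if absent from a PUT body
SERVER_SET = ("createdTimestamp",)    # ignored in creation and update requests

# Constructed sample, modelled on the GET representation shown on this page.
SAMPLE_USER = {
    "id": "00000000-0000-0000-0000-000000000001",
    "username": "sample.user", "lastName": "Sample", "enabled": True,
    "roles": ["YUUVIS_DEFAULT", "YUUVIS_TENANT_ADMIN"],
    "groups": ["onlyoffice"], "createdTimestamp": 1591957723730,
}


def build_create_body(user, invite_by_email=False):
    """Validate and trim a body for POST .../users."""
    if not user.get("username"):
        raise ValueError("username is required in creation requests")
    if invite_by_email and not user.get("email"):
        raise ValueError("email is required when an e-mail invitation is desired")
    # id and createdTimestamp are ignored on creation, so they are not sent.
    body = {k: v for k, v in user.items() if k not in ("id",) + SERVER_SET}
    body.setdefault("enabled", True)  # documented default, made explicit
    return body


def build_update_body(current, changes):
    """Merge changes into the current GET representation for PUT .../users/{id}."""
    if not current.get("id"):
        raise ValueError("id is required in update requests")
    if changes.get("id", current["id"]) != current["id"]:
        raise ValueError("id must match the account being updated")
    body = {k: v for k, v in {**current, **changes}.items() if k not in SERVER_SET}
    for prop in LIST_PROPS:           # carry lists over, de-duplicated, order kept
        if prop in body:
            body[prop] = list(dict.fromkeys(body[prop]))
    return body


def membership_diff(current, body):
    """Roles and groups a PUT body would remove or add (worst case if omitted)."""
    diff = {}
    for prop in LIST_PROPS:
        before, after = set(current.get(prop) or []), set(body.get(prop) or [])
        diff[prop] = {"removed": sorted(before - after), "added": sorted(after - before)}
    return diff
```

Running `membership_diff` against the freshly fetched account before every PUT gives a reviewable record of privilege changes; for `roles` it reports the worst case, since the table states that omitted roles are only partly removed.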
The following code block shows an example of a result list including the data sets of several user accounts. Such a result list could be retrieved, e.g., by the endpoint GET /tenant-management/api/idm/users.
```json
[
  {
    "id": "406b5a28-7a8b-4c36-a569-df7bff480375",
    "firstName": "Heinrich",
    "lastName": "Schuetzel",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "YUUVIS_TENANT_ADMIN",
      "HR_MANAGER",
      "YUUVIS_CREATE_OBJECT",
      "YUUVIS_MANAGE_SETTINGS"
    ],
    "username": "newuser5",
    "enabled": true,
    "createdTimestamp": 1622122631393
  },
  {
    "id": "320c67d0-b88b-4e99-852a-b938f4b38cd7",
    "email": "kammer@segelreisen.de",
    "firstName": "Hannes",
    "lastName": "Kammer",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "YUUVIS_TENANT_ADMIN",
      "YUUVIS_CREATE_OBJECT",
      "YUUVIS_MANAGE_SETTINGS",
      "YUUVIS_AI_PIPELINE",
      "COMPLIANCE_MANAGER",
      "YUUVIS_AI_PREDICT"
    ],
    "groups": [
      "onlyoffice"
    ],
    "username": "kammer",
    "enabled": true,
    "createdTimestamp": 1591957723730
  },
  {
    "id": "a6f5e1aa-ff42-4140-b9ec-5de4cc61f1a9",
    "email": "schwimmer@segelreisen.de",
    "firstName": "Klaus",
    "lastName": "Schwimmer",
    "roles": [
      "YUUVIS_SYSTEM_INTEGRATOR",
      "YUUVIS_DEFAULT",
      "INVOICE_MANAGER",
      "YUUVIS_TENANT_ADMIN",
      "HR_MANAGER",
      "YUUVIS_AIINVOICE",
      "EMAIL_WITHOUT_ACL",
      "QA_MEMBER_AREA2",
      "uma_authorization",
      "YUUVIS_CREATE_OBJECT",
      "TEAMS_MANAGER",
      "PHOTOARCHIVE_MANAGER",
      "YUUVIS_MANAGE_SETTINGS",
      "QA_MANAGER",
      "ACL_ALL_USERS",
      "YUUVIS_AI_PIPELINE",
      "QA_MEMBER_AREA1",
      "COMPLIANCE_MANAGER",
      "YUUVIS_AI_PREDICT",
      "offline_access"
    ],
    "username": "klaus",
    "enabled": true,
    "createdTimestamp": 1606820894094
  }
]
```