User administration / Identity Manager

The BPC offers integrated user administration. The specific range of functions is determined by the Identity Provider (IdP) in use and the authorizations of the current user.


The functions are also available via API. See Identity Management API.

Functions

The individual functions, and the BPC authorizations required to use them, are described in more detail below. If several required authorizations are listed, at least one of them is always required, not all of them together.

You may also need to configure additional authorizations in your identity provider. This applies to Keycloak in particular. See Keycloak authorizations.

List users of the Identity Provider

Lists all users stored in the Identity Provider. The name and email address are displayed, if available.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_READ

Display permissions of a user

Displays all organizations, roles and rights of a user when that user is selected in the list of users.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USER_ORGANISATIONS_READ,

  • Right IDENTITY_MANAGER_USER_ROLES_READ,

  • Right IDENTITY_MANAGER_USER_RIGHTS_READ

Creating new users

This function can be used to create new users in the Identity Provider.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_ADD

Editing user data

Editing user data such as name and e-mail.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_UPDATE

Set password

Set the password of a user.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_UPDATE

Delete user

Deletes a user from the Identity Provider.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_UPDATE

Imitate user

Imitates another user in the system. You are then logged into the BPC with the permissions and identity of the other user.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USER_IMPERSONATE

Add / delete user permissions

This function can be used to assign organizations, roles and permissions to users or to remove them from users.

Required BPC authorizations

  • Role bpcadmin,

  • Role IDENTITY_MANAGER_ADMIN,

  • Right IDENTITY_MANAGER_USERS_UPDATE
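
For an access review, the function lists above can be turned into a small check that applies the "at least one of them" rule. This is an added example, not BPC code: the function names and authorization names are copied from this page, while the user records, the helper names and the treatment of roles and rights as one flat set of names are assumptions.

```python
# Added example: review who can use which Identity Manager function.
# The mapping is copied from the page; user records are constructed.

ADMIN_ROLES = {"bpcadmin", "IDENTITY_MANAGER_ADMIN"}  # accepted for every function

# function -> rights that unlock it (in addition to the two admin roles)
FUNCTION_RIGHTS = {
    "List users of the Identity Provider": {"IDENTITY_MANAGER_USERS_READ"},
    "Display permissions of a user": {
        "IDENTITY_MANAGER_USER_ORGANISATIONS_READ",
        "IDENTITY_MANAGER_USER_ROLES_READ",
        "IDENTITY_MANAGER_USER_RIGHTS_READ",
    },
    "Creating new users": {"IDENTITY_MANAGER_USERS_ADD"},
    "Editing user data": {"IDENTITY_MANAGER_USERS_UPDATE"},
    "Set password": {"IDENTITY_MANAGER_USERS_UPDATE"},
    "Delete user": {"IDENTITY_MANAGER_USERS_UPDATE"},
    "Imitate user": {"IDENTITY_MANAGER_USER_IMPERSONATE"},
    "Add / delete user permissions": {"IDENTITY_MANAGER_USERS_UPDATE"},
}

def allowed_functions(authorizations):
    """Functions usable with this set of role/right names (any-of rule)."""
    held = set(authorizations)
    return [f for f, rights in FUNCTION_RIGHTS.items()
            if held & (ADMIN_ROLES | rights)]

def holders(function, users):
    """Users who can use `function`, with the authorization(s) granting it."""
    accepted = ADMIN_ROLES | FUNCTION_RIGHTS[function]
    return {name: sorted(set(auths) & accepted)
            for name, auths in users.items() if set(auths) & accepted}

# Constructed sample data, not from a real BPC installation.
USERS = {
    "alice": ["bpcadmin"],
    "helpdesk": ["IDENTITY_MANAGER_USERS_READ", "IDENTITY_MANAGER_USERS_UPDATE"],
    "auditor": ["IDENTITY_MANAGER_USERS_READ", "IDENTITY_MANAGER_USER_ROLES_READ"],
    "support": ["IDENTITY_MANAGER_USER_IMPERSONATE"],
}

if __name__ == "__main__":
    for name, auths in USERS.items():
        print(f"{name}: {', '.join(allowed_functions(auths))}")
    for sensitive in ("Imitate user", "Add / delete user permissions"):
        print(f"{sensitive} -> {holders(sensitive, USERS)}")
```

On the sample data, the only write authorization `helpdesk` holds is IDENTITY_MANAGER_USERS_UPDATE, yet the account can edit user data, set passwords, delete users and change permissions, because the page lists that one right for all four functions.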

