...

  • MyData allows you to download all personal data on your account stored by Trivore Identity Service.
  • Cluster members allows you to view the current cluster members and their status.
  • User details allows you to view information about your current session and other useful user details.
  • Accounts in namespace allows you to view information on the current namespace.
  • Account preferences allows you to quickly perform actions related to your account.
  • Personal Data Request (PDR) allows you to make Personal Data Requests on your account.
  • Accounts that are linked with my account allows you to view user accounts linked to your user.

Namespaces

As described briefly earlier, Trivore Identity Service is a multi-tenant system. A tenant is a customer organisation. A namespace in Trivore Identity Service roughly represents a tenant, and the menu selection Namespaces is where tenants are managed. To make things more flexible, one customer organisation may have multiple namespaces, which can be managed with a single user account or with multiple user accounts, as needed. It is recommended to group a customer organisation's (tenant's) multiple namespaces together by defining a common prefix for the namespace code when each namespace is created. This is not mandatory, but it makes managing the platform easier and less error-prone.

Below is a picture of Trivore Identity Service after selecting Namespaces on the Main Menu. This selection opens the list of namespaces. The current namespace will be highlighted in bold.

The selection buttons Add and Delete are rather intuitive and need little explanation. In the upper right corner is a menu button, Actions, which opens a menu for executing less common tasks, such as importing new namespaces, exporting selected existing namespaces, exporting all existing namespaces, or printing a report on namespaces.

The configuration button opens a drop-down menu with the following options:

  • Edit namespace, which will open the editor for the selected namespace.
  • Default policies, which will open the default policies editor for the selected namespace.
  • Outside user access, which will open a dialogue for managing users who do not belong to the namespace but are allowed access to it. You can add and remove the users from this dialogue.

This Main Menu selection is only available for user accounts with the role Portal Admin or Portal Auditor.

Core

This tab contains the basic information about the namespace. The name given to the namespace makes it identifiable and unique. The other settings are general settings used for all users in the namespace.

Perhaps the most important field is the sign-in naming policy. It can be changed later, but the new setting only affects user accounts created after the change. Sign-in names of user accounts created before the policy change are not affected.

The recommended setting is 8 random numbers for small namespaces, or 10 random numbers for namespaces where a million or more user accounts are expected.

See the picture for the currently available options for the sign-in naming policy.

Tip: When creating a specially named service account, temporarily change the policy to “Manually defined” before creating the account, and then restore it to the original preferred setting.

Another important field is the list of valid email address domains. If a sign-in name based on an email address is used, the domain part of the email address must be one of these domains. The domains are presented in the listed order on the drop-down menu. For convenience, you should have the primary email domain as the first domain on the list.

If there is no real need to limit the domains, just leave the field empty to allow any domain.

When entered, domain names may be separated with a line feed (enter), a comma (,), or a semicolon (;). They are packed and stored intelligently when you select Save to save the changes.
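The sketch below is an added example, not Trivore Identity Service code: it shows one way to parse a domain field with the three separators named above and to check an email-based sign-in name against the result. The trimming, lowercasing, de-duplication and exact-match rules are assumptions, since the page does not say how the list is packed or compared; the function names and sample values are constructed.

```python
import re

# Separators the page lists for the domain field: line feed, comma, semicolon.
SEPARATORS = re.compile(r"[\r\n,;]+")
# Conservative DNS label syntax (assumption, not the product's documented rule).
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_domains(raw):
    """Split the field text; trim, lowercase and de-duplicate, keeping the entered order."""
    domains = []
    for item in SEPARATORS.split(raw):
        domain = item.strip().rstrip(".").lower()
        labels = domain.split(".")
        if len(labels) < 2 or not all(LABEL.fullmatch(label) for label in labels):
            continue  # empty entry or not a syntactically valid domain name
        if domain not in domains:
            domains.append(domain)
    return domains


def email_domain_allowed(email, allowed):
    """Exact, case-insensitive match on the part after the last '@'."""
    local, at, domain = email.strip().rpartition("@")
    if not at or not local or not domain:
        return False  # not an email address at all
    if not allowed:
        return True  # empty field: any domain is accepted
    return domain.rstrip(".").lower() in allowed


# Constructed sample input mixing all three separators, a duplicate and a bad entry.
FIELD_TEXT = "example.com, Example.COM;\nmail.example.org\n\n; bad_domain ;example.net."
ALLOWED = parse_domains(FIELD_TEXT)

if __name__ == "__main__":
    print(ALLOWED)
    for address in ("alice@example.com", "alice@sub.example.com",
                    "alice@example.com.other.test", "alice@EXAMPLE.NET"):
        print(address, email_domain_allowed(address, ALLOWED))
```

Comparing the whole domain part, rather than testing for a prefix or suffix, is what keeps look-alike domains and unlisted subdomains out of the namespace.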

User interface

This tab contains the settings for allowing or disallowing the use of nicknames in the system, the password recovery process, inviting new users (including the validity time of an invitation), and access to the full user preferences view.

Features

The use of external Lightweight Directory Access Protocol (LDAP) can be configured here, as well as the settings for sending SMS messages from the system.

...

Each onePortal™ namespace has its own private URI to the sign-in dialogue. This dialogue may also show the organisation's own logo instead of the general onePortal™ logo. It is also possible to add a namespace-private external address, which also shows this private sign-in dialogue. These branding-related settings are all defined in this tab.

Miscellaneous

Event Logging is an important part of an organisation's auditability. If the organisation requires any kind of formal certification or has an internal security policy, Event Logging must remain enabled.

This tab contains the logging level settings for all events of the namespace.

The default Event Logging level logs all events with a severity level of Warning or more severe. Some organisations require this setting to be Information. For a short time, for troubleshooting, this setting can be increased to Debug. Leaving it at Debug for an extended period of time will cause warnings to be logged to the Event Log. If the organisation has no special requirements for Event Logging, the log level could be increased to level Error.

Severity level Warning is the default, and is the recommended setting for Event Logging.

This tab also contains the settings for enforced acceptance of Terms and Conditions and Privacy Policy. Also, the legislation applied is set here.

Namespace admins

Here you can define the user accounts with the Multi-namespace role that may manage the namespace. This view is only available for Portal Admins and Portal Auditors.

Personal data

This tab defines how the right to be forgotten, as defined in the General Data Protection Regulation of the European Union, is administered in the namespace.

...

Standard system templates for sending email or SMS messages are selected by default. If they need to be edited, that can be done here.