Here you will find the common settings for all user directories.
...
Enabled: enables or disables the user directory. A disabled user directory cannot be used to log in. When the user directory is enabled, the Enabled text is green.
Directory display name: changes the display name of the user directory. This is the name shown when selecting user directories.
Directory alias: this value is used by external apps when they want to direct sign-in to a particular named user directory. These values are unique on a particular Trivore ID instance. When this value is defined, the full URN value that references this directory is shown. Use the OpenID Connect `acr_values` query parameter with this URN value to automatically redirect the user to this user directory's sign-in.
Directory icon: a small icon that is usually shown next to the user directory display name. Custom directory icons can be uploaded. The maximum file size is 2 megabytes.
...
Field | Description | Default value | Example |
---|---|---|---|
Allow creating new users | Allow or deny creating new users. If you want to allow every user from the directory to sign in to Trivore ID, you need to check this. If not checked, only existing users can link their accounts with external directory accounts. | False (not checked) | N/A |
Link ID *required | Permanent, non-secret user identifier from the external directory that is used to identify the user. The value should be the name of an attribute whose value never changes for the user, such as | Depends on directory | |
Encrypt link ID using salted hash algorithm | Encrypts the Link ID described above using a salted hash algorithm. This is needed if the Link ID values contain sensitive information such as social security numbers. | False (not checked) | N/A |
How to handle conflicts with soft deleted users | Action to be performed upon detecting conflicts with soft deleted users. This situation can either cause a conflict and deny sign-in, or it can reactivate the existing account and replace it with new user information. | Existing soft deleted user causes conflict. Sign in is not possible | N/A |
Username import policy | How to handle usernames in Trivore ID. This option exists in order to guarantee username uniqueness within a namespace, which is a technical requirement. You can choose to import usernames from an external directory, but the preferred method is to generate them automatically using default settings. | Automatic namespace username policy (actual value depends on the configured policy in namespace settings) | N/A |
Username | Attribute from the external directory that provides the user’s username. Only available when using the manual attribute selection policy for username. | Depends on directory | |
Username prefix | Prefix the username with this literal value. This option is only shown if the “Manual attribute selection with prefix” username import policy is chosen. | | N/A |
Username suffix | Suffix the username with this literal value. This option is only shown if the “Manual attribute selection with suffix” username import policy is chosen. | | N/A |
Update username if it does not match given settings | Update the user’s username on every successful login if it does not match the given settings. The username update is only done when signing in via the user’s primary directory. | False (not checked) | N/A |
Friendly name | Friendly name for the user’s external directory account that helps the user identify it. Only useful if users are given access to manage their account links (add, edit, remove links). This value is shown in the dashboard panel in the Account column (and in the manage directory links window). | Depends on directory | |
First name | Attribute from the external directory that provides the user’s first name. This is imported only from the primary directory. | Depends on directory | |
Last name | Attribute from the external directory that provides the user’s last name. This is imported only from the primary directory. | Depends on directory | |
Full name | Attribute from the external directory that provides the user’s full name, including both first and last name and possible middle names. This is only useful if separate attributes for first and last name are not available. This is imported only from the primary directory. | Depends on directory | |
Email | Attribute from the external directory that provides the user’s email. | Depends on directory | |
Email verified | Attribute from the external directory that provides the user’s email verification information. Boolean attribute. | Depends on directory | |
Mobile | Attribute from the external directory that provides the user’s mobile number. | Depends on directory | |
Mobile verified | Attribute from the external directory that provides the user’s mobile number verification information. Boolean attribute. | Depends on directory | |
Locale / language | Attribute from the external directory that provides the user’s language or localisation information. | Depends on directory | |
Photo URL | Attribute from the external directory that provides the user’s photo URL. The actual implementation varies between different directory types. | Depends on directory | |
The attribute mapper supports dot-separated syntax. For example, given the following JSON:

```json
"onPremisesExtensionAttributes": {
  "extensionAttribute1": "value1",
  "extensionAttribute2": "value2",
  ...
  "extensionAttribute15": "value15"
}
```

the extension attributes can be referenced as “onPremisesExtensionAttributes.extensionAttribute1” and “onPremisesExtensionAttributes.extensionAttribute2”.
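
The dot-separated lookup described above, applied to a whole attribute mapping, as an added example that is not Trivore ID's own code. The function names, the mapping keys and the sample record are assumptions made for illustration; the example rejects a record whose required Link ID does not resolve and treats a missing or unrecognised "verified" attribute as false.

```python
# Added illustration, not Trivore ID code: all names below are hypothetical.

def resolve(record, path):
    """Follow a dot-separated path through nested dicts; None if any step is absent."""
    node = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def as_bool(value):
    """Accept true / "true" / "1"; anything else, including None, is False."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1")

def map_user(record, mapping, boolean_fields=("email_verified", "mobile_verified")):
    """Apply a field -> attribute-path mapping to one external directory record."""
    link_id = resolve(record, mapping["link_id"])
    # Link ID is required: refuse records where it is absent, empty or not a scalar.
    if isinstance(link_id, bool) or not isinstance(link_id, (str, int)) or link_id == "":
        raise ValueError("link ID attribute %r did not resolve" % mapping["link_id"])
    user = {"link_id": str(link_id)}
    for field, path in mapping.items():
        if field == "link_id":
            continue
        value = resolve(record, path)
        user[field] = as_bool(value) if field in boolean_fields else value
    return user

# Constructed sample record, shaped like the JSON above.
SAMPLE = {
    "id": "constructed-id-0001",
    "mail": "user@example.com",
    "mailVerified": "true",
    "onPremisesExtensionAttributes": {
        "extensionAttribute1": "value1",
        "extensionAttribute2": "value2",
    },
}
MAPPING = {
    "link_id": "id",
    "email": "mail",
    "email_verified": "mailVerified",
    "locale": "onPremisesExtensionAttributes.extensionAttribute1",
    "mobile": "onPremisesExtensionAttributes.extensionAttribute16",  # absent -> None
}
```
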