NOTE: Trivore ID Documentation has moved to https://trivoreid.com

The content on this site IS OUT OF DATE!

This space has been archived!

Please go ahead to the new site!


This page describes the settings common to all user directories.

Display options

Display options for the user directory are shown at the top of the user directory editor. The current options are:

  • Enabled: enables or disables the user directory. A disabled user directory cannot be used to log in. When the user directory is enabled, the Enabled text is green.

  • Directory display name: sets the display name of the user directory. This is the name shown when selecting user directories.

  • Directory alias: used by external apps when they want to direct sign-in to a particular named user directory. These values are unique on a particular Trivore ID instance. When this value is defined, the full URN value that references this directory is shown. Use the OpenID Connect acr_values query parameter with this URN value to automatically redirect the user to this user directory's sign-in.

  • Directory icon: a small icon that is usually shown next to the user directory display name. Custom directory icons can be uploaded. The maximum file size is 2 megabytes.

Login translations

If you want to customise the login button/select translations that are visible to the user when selecting or signing in via this directory, you can do that in the Login translations tab.

Directory login captions can be added for every language / locale you need: press the Add button and select the appropriate language and country. In most cases it is enough to select only the translation language and leave the country unselected, unless you really need different translations for, for example, British and American English.

Directory login descriptions are currently not used but may be used in the future to provide additional details about this directory.

User information

Most of the following user attribute mappings are available in every supported user directory. Ignore any mappings not available in the directory type you are configuring. Default values differ between directory types.

The name of each field is the attribute name in Trivore ID where the imported value will be stored. The value of the field should be the attribute name in the external user directory. For example, Link ID is most commonly sub for OpenID Connect based directories (except Azure AD, where one should use id instead).

Attribute mappings can take multiple values in order of preference, separated by commas.

| Field | Description | Default value | Example |
|---|---|---|---|
| Allow creating new users | Allow or deny creating new users. If you want to allow every user from the directory to sign in to Trivore ID, you need to check this. If not checked, only existing users can link their accounts with external directory accounts. | False (not checked) | N/A |
| Link ID (*required) | Permanent, non-secret user identifier from the external directory that is used to identify the user. The value should be the name of an attribute whose value never changes for the user, such as sub or id. If the value changes, a new user account would be created because the system would be unable to detect the correct linking. | Depends on directory | “5f84b3104cb0aa70df369e26” |
| Encrypt link ID using salted hash algorithm | Encrypts the Link ID described above. This is needed if the Link ID values contain sensitive information such as social security numbers. | False (not checked) | N/A |
| How to handle conflicts with soft deleted users | Action to be performed upon detecting conflicts with soft deleted users. This situation can either cause a conflict and deny sign-in, or it can reactivate the existing account and replace it with new user information. | Existing soft deleted user causes conflict. Sign in is not possible | N/A |
| Username import policy | How to handle usernames in Trivore ID. This option exists in order to guarantee username uniqueness within a namespace, which is a technical requirement. You can choose to import usernames from an external directory, but the preferred method is to generate them automatically using default settings. | Automatic namespace username policy (actual value depends on the configured policy in namespace settings) | N/A |
| Username | Attribute from the external directory that provides the user’s username. Only available when using a manual attribute selection policy for the username. | Depends on directory | john.doe@client.example.com |
| Username prefix | Adds this literal value as a username prefix. This option is only shown if the “Manual attribute selection with prefix” username import policy is chosen. | None | N/A |
| Username suffix | Adds this literal value as a username suffix. This option is only shown if the “Manual attribute selection with suffix” username import policy is chosen. | None | N/A |
| Update username if it does match given settings | Update the user’s username on every successful login if it does not match the given settings. The username update is only done when signing in via the user’s primary directory. | False (not checked) | N/A |
| Friendly name | Friendly name for the user’s external directory account that helps them identify it. Only useful if users are given access to manage their account links (add, edit, remove links). This value is shown in the dashboard panel in the Account column (and in the manage directory links window). | Depends on directory | “John Doe” |
| First name | Attribute from the external directory that provides the user’s first name. This is imported only from the primary directory. | Depends on directory | “John” |
| Last name | Attribute from the external directory that provides the user’s last name. This is imported only from the primary directory. | Depends on directory | “Doe” |
| Full name | Attribute from the external directory that provides the user’s full name, including both first and last name and possible middle names. This is only useful if separate attributes for first and last name are not available. This is imported only from the primary directory. | Depends on directory | “John Doe” |
| Email | Attribute from the external directory that provides the user’s email. | Depends on directory | “john.doe@example.com” |
| Email verified | Attribute from the external directory that provides the user’s email verification information. Boolean attribute. | Depends on directory | true |
| Mobile | Attribute from the external directory that provides the user’s mobile number. | Depends on directory | +358401234567 |
| Mobile verified | Attribute from the external directory that provides the user’s mobile number verification information. Boolean attribute. | Depends on directory | false |
| Locale / language | Attribute from the external directory that provides the user’s language or localisation information. | Depends on directory | “en_US” or “en” |
| Photo URL | Attribute from the external directory that provides the user’s photo URL. The actual implementation varies between different directory types. | Depends on directory | “https://graph.example.com/<userid>” |

The attribute mapper supports dot-separated syntax. For example, given the following JSON:

"onPremisesExtensionAttributes": {
  "extensionAttribute1": "value1",
  "extensionAttribute2": "value2",
  ...
  "extensionAttribute15": "value15"
}

the extension attributes can be referenced as “onPremisesExtensionAttributes.extensionAttribute1” and “onPremisesExtensionAttributes.extensionAttribute2”.
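The following added example (not Trivore ID's own code) sketches how a mapping value with comma-separated preferences and dot-separated paths can be resolved against a directory's user object, with Link ID enforced as required. Assumptions: the first candidate with a non-empty value wins, the field keys and sample claims are constructed, and HMAC-SHA256 stands in for the product's unspecified salted hash.

```python
import hashlib
import hmac

# Constructed sample claims, shaped like an Azure AD user object.
SAMPLE_CLAIMS = {
    "id": "5f84b3104cb0aa70df369e26",
    "mail": "",
    "userPrincipalName": "john.doe@example.com",
    "onPremisesExtensionAttributes": {"extensionAttribute1": "en_US", "extensionAttribute2": None},
}

# Hypothetical mapping: Trivore ID field -> comma-separated external attribute names.
MAPPING = {
    "link_id": "sub,id",
    "email": "mail, userPrincipalName",
    "locale": "preferredLanguage,onPremisesExtensionAttributes.extensionAttribute1",
    "mobile": "mobilePhone",
}


def lookup(claims, path):
    """Walk one dot-separated path; return None if any segment is missing."""
    node = claims
    for segment in path.split("."):
        if not isinstance(node, dict) or segment not in node:
            return None
        node = node[segment]
    return node


def resolve(claims, mapping_value):
    """Return the first non-empty value among the comma-separated candidates."""
    for candidate in mapping_value.split(","):
        value = lookup(claims, candidate.strip())
        if value not in (None, ""):  # assumption: empty strings count as missing
            return value
    return None


def import_user(claims, mapping, salt=None):
    """Apply the mapping; Link ID is required and optionally stored as a salted hash."""
    user = {field: resolve(claims, spec) for field, spec in mapping.items()}
    if user.get("link_id") is None:
        raise ValueError("Link ID is required but no mapped attribute had a value")
    if salt is not None:
        # Assumption: HMAC-SHA256 keyed with the salt, not the product's real algorithm.
        user["link_id"] = hmac.new(salt, str(user["link_id"]).encode(), hashlib.sha256).hexdigest()
    return user
```

Because the hash is deterministic for a given salt, the same external identifier still links to the same account on every sign-in, while the stored value no longer exposes the raw identifier.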
