Users
Last updated
Last updated
Within the Users section, new users can be generated.
Additionally, you can view or modify various attributes associated with the user accounts.
Select View All Users to see all the different Users created within this Realm.
If a user is temporarily locked, you have the ability to unlock all temporarily locked users by selecting Unlock User.
To generate a new user, click on Add User.
It is generated automatically once a user is created.
This is the name used by the user during creation.
It can also be used for logging into ZTrust.
The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust.
The Last Name provided by the user during registration, or the user's last name.
The user's First Name or the First Name provided during registration.
This comprises the available actions that can be performed on a User Account, including Edit, Impersonate, or Delete action.
Clicking on Edit for a specific user allows for modification of the user details as needed.
Clicking on Impersonate allows you to log in as that user.
If the user is in the same realm as yours, your current session will be logged out before logging in as that user.
The user can be deleted on clicking the Delete button.
Upon selecting Edit, you will be directed to the screen below.
The Username, Email, First Name and Last Name can be edited or modified.
This is the name used by the user during creation.
It can also be used for logging into ZTrust.
The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust.
The user's First Name or the First Name provided during registration.
The Last Name provided by the user during registration, or the user's last name.
When enabled (toggled ON), the user can log in.
If disabled (turned OFF) for any particular user, login access is restricted for that user.
This is a toggle button. When enabled (toggled ON), it enables the verification of a user's email address. When disabled (toggled OFF), the user's email address is not verified.
It includes the actions which the user needs to perform after logging in.
For example - verify Email sends an email to the user to verify their email address. Update Profile requires the user to update their profile.
Clicking on Impersonate under Impersonate User allows you to log in as that user.
If the user is in the same realm as yours, your current session will be logged out before logging in as that user.
In the Attributes section, various Attributes can be specified for a particular user.
For example - phone number has been defined for this user, as illustrated above.
In the Key section, the variable or attribute is specified.
The corresponding value for that specific attribute is entered in the Value field.
It involves actions to either Add any new attribute or Delete the attributes defined for that specific user.
Once you have defined the Key-Value pair, click Add to save the changes.
To remove the Key-Value pair if it is no longer needed, click on Delete.
In the Credentials tab, the administrator can set up the password for the user.
Additionally, the Admin user has the ability to delete or reset the user's password.
In the Manage Credentials section, you can oversee and handle the various credentials associated with a user.
You can adjust the priority of credentials by simply dragging and dropping rows through the arrow buttons.
The new sequence establishes the priority of the credentials assigned to that user.
The credential at the top holds the highest priority, determining its display order following a user's login.
This indicates the type of credential, such as password or OTP (One-Time Password).
This refers to the label assigned by the user to identify the credential when presented as an option during login.
You can assign any value to it that aids in recognizing the credential.
This represents the technical details of the credential, which are not confidential.
By default, this information is hidden.
You can reveal the data for a credential by clicking on Show data…
Upon clicking on Show data…, you will be presented with a prompt containing the following details.
These are mathematical functions that transform plaintext passwords into unique, fixed-size outputs known as hashes. These hashes are subsequently stored in databases.
It indicates how many times a password is hashed before being stored in the database.
This encompasses the available actions that can be performed on the credentials, including Delete or Save.
If the credentials are no longer needed, select Delete to remove them.
If you've made some adjustments and wish to apply them, click on Save.
Upon clicking Delete, you will receive the following prompt, seeking confirmation:
To proceed with deleting the specific set of credentials, select Delete. Otherwise, click Cancel to abort the operation.
In the Reset Password section, the Admin user can reset the password for the user.
In this tab, the Admin can configure the Password for the selected user.
The same Password must be entered again here to ensure accuracy in setting up the password.
When enabled (toggled ON), the user is required to change the password upon the next login. When disabled (OFF), the user is not prompted to change the password on the next login but can do so at their convenience.
As an Admin, when setting up a password for an end user and providing the necessary details as indicated above, you can save the password by clicking on Set Password.
Upon clicking Set Password, you will receive the following confirmation prompt:
To proceed with resetting the password for the user, select Reset Password. Otherwise, click Cancel to abort the operation.
It lists all the Available Realm Roles that a user can be assigned to. It includes roles that are effectively designated but not explicitly assigned.
It consists of the Realm Roles that have already been assigned to the user.
It encompasses all Realm Role Mappings.
Certain roles may be derived from a mapped composite role.
If you want to move any of the Available Roles to Assigned Roles, select the Role and click on Add Selected.
If you want to delete any of the Assigned Roles, select the Role and then click on Remove Selected.
Client roles are namespaces designated for clients, with each client having its own namespace.
These roles are managed within the Roles tab specific to each client.
You can assign the role to a particular client by selecting the preferred option from the dropdown menu.
It includes Groups in which the user is a member.
If you want to see all the groups that the User belongs to, simply click on View All Groups.
If you want to exit a specific Group of which the User is a member, select that particular group and click on Leave.
It includes all the groups that a User can join.
If you want to see all the Groups present within the Realm, which the User can join, click on View All Groups.
If you want the user to Join any specific Group, then select the Group Name and click on Join.
This tab provides information about the clients to which the user has granted consent to access, including the default client scopes and any additional client scopes granted.
It designates the name of the client or the client ID.
It specifies the client scopes assigned to that specific client.
It specifies any additional grants permitted for that particular client.
It indicates the time period during which this was created.
It specifies the time period during which it was last updated.
It represents the activities or operations executed by the user specifically within the context of this client.
Under Sessions, the admin can view the clients where this user has an active session along with the following details for each session.
It indicates the IP Address associated with the session.
It indicates the time at which the session was initiated.
It represents the timestamp indicating the last access time of the session.
It denotes the clients that were most recently accessed during this session.
It denotes the activities or actions carried out by the user within the session.
To sign out of all active sessions for this specific user, select the option Log Out All sessions.
This section enables users to connect their accounts with other providers.
Upon clicking Create, you will be directed to the screen below.
This indicates the selected Identity Provider from the dropdown menu during the creation of the Identity Provider link.
This indicates the distinct ID of the user on the Identity Provider's end.
This pertains to the user's username as registered on the Identity Provider's platform.
Once you've entered the aforementioned details, to preserve the linking of the identity provider, select Save.
If you prefer not to apply the modifications, select Reset to discard them.
On clicking on Save, you will be redirected to the below screen.
It refers to the Identity Provider which was selected from the dropdown for Identity Provider while creating the Identity Provider link.
This denotes the unique ID of the user within the Identity Provider's system.
It specifies the Identity Provider User ID that was configured during the creation of the Identity Provider link.
This refers to the username of the user as recorded within the Identity Provider's system.
It details the Identity Provider Username set during the setup of the Identity Provider link.
This comprises the available actions for managing the Identity Provider link, such as Delete.
If you no longer wish to maintain the Identity Provider links, click on Remove.
Upon doing so, you'll receive a prompt below, seeking confirmation.
Choose Delete to proceed with deleting the Identity Provider Link, or select Cancel to retain it.
If you need guidance, refer to the steps mentioned under .
