# Users

Within the Users section, new users can be generated. Additionally, you can view or modify various attributes associated with the user accounts.

Select View All Users to see all the different Users created within this Realm. #### **Unlock User** If a user is temporarily locked, you have the ability to unlock all temporarily locked users by selecting Unlock User. #### **Add User** To generate a new user, click on Add User. If you need guidance, refer to the steps mentioned under [Creation of a User](https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v1.0/admin-manual/creation-of-a-user). #### **ID** It is generated automatically once a user is created. #### **Username** This is the name used by the user during creation. It can also be used for logging into ZTrust. #### **Email** The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust. #### **Last Name** The Last Name provided by the user during registration, or the user's last name. #### **First Name** The user's First Name or the First Name provided during registration. #### **Actions** This comprises the available actions that can be performed on a User Account, including Edit, Impersonate, or Delete action. #### **Edit** Clicking on Edit for a specific user allows for modification of the user details as needed. #### **Impersonate** Clicking on Impersonate allows you to log in as that user. If the user is in the same realm as yours, your current session will be logged out before logging in as that user. #### **Delete** The user can be deleted on clicking the Delete button. Upon selecting Edit, you will be directed to the screen below.

The Username, Email, First Name and Last Name can be edited or modified. #### **Username** This is the name used by the user during creation. It can also be used for logging into ZTrust. #### **Email** The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust. #### **First Name** The user's First Name or the First Name provided during registration. #### **Last Name** The Last Name provided by the user during registration, or the user's last name. #### **User Enabled** When enabled (toggled ON), the user can log in. If disabled (turned OFF) for any particular user, login access is restricted for that user. #### **Email Verified** This is a toggle button. When enabled (toggled ON), it enables the verification of a user's email address. When disabled (toggled OFF), the user's email address is not verified. #### **Required User Actions**

It includes the actions which the user needs to perform after logging in. For example - verify Email sends an email to the user to verify their email address. Update Profile requires the user to update their profile. #### **Impersonate User** Clicking on Impersonate under Impersonate User allows you to log in as that user. If the user is in the same realm as yours, your current session will be logged out before logging in as that user.

In the Attributes section, various Attributes can be specified for a particular user. For example - phone number has been defined for this user, as illustrated above. #### **Key** In the Key section, the variable or attribute is specified. #### **Value** The corresponding value for that specific attribute is entered in the Value field. #### **Actions** It involves actions to either Add any new attribute or Delete the attributes defined for that specific user. #### **Add** Once you have defined the Key-Value pair, click Add to save the changes. #### **Delete** To remove the Key-Value pair if it is no longer needed, click on Delete.

In the Credentials tab, the administrator can set up the password for the user. Additionally, the Admin user has the ability to delete or reset the user's password.

In the Manage Credentials section, you can oversee and handle the various credentials associated with a user. #### **Position** You can adjust the priority of credentials by simply dragging and dropping rows through the arrow buttons. The new sequence establishes the priority of the credentials assigned to that user. The credential at the top holds the highest priority, determining its display order following a user's login. #### **Type** This indicates the type of credential, such as password or OTP (One-Time Password). #### **User Label** This refers to the label assigned by the user to identify the credential when presented as an option during login. You can assign any value to it that aids in recognizing the credential. #### **Data** This represents the technical details of the credential, which are not confidential. By default, this information is hidden. You can reveal the data for a credential by clicking on Show data… Upon clicking on Show data…, you will be presented with a prompt containing the following details.

#### **Algorithms** These are mathematical functions that transform plaintext passwords into unique, fixed-size outputs known as hashes. These hashes are subsequently stored in databases. #### **hashIterations** It indicates how many times a password is hashed before being stored in the database. #### **Actions** This encompasses the available actions that can be performed on the credentials, including Delete or Save. #### **Delete** If the credentials are no longer needed, select Delete to remove them. #### **Save** If you've made some adjustments and wish to apply them, click on Save. Upon clicking Delete, you will receive the following prompt, seeking confirmation:

To proceed with deleting the specific set of credentials, select Delete. Otherwise, click Cancel to abort the operation.

In the Reset Password section, the Admin user can reset the password for the user. #### **Password** In this tab, the Admin can configure the Password for the selected user. #### **Password Confirmation** The same Password must be entered again here to ensure accuracy in setting up the password. #### **Temporary** When enabled (toggled ON), the user is required to change the password upon the next login. When disabled (OFF), the user is not prompted to change the password on the next login but can do so at their convenience. #### **Set Password** As an Admin, when setting up a password for an end user and providing the necessary details as indicated above, you can save the password by clicking on Set Password. Upon clicking Set Password, you will receive the following confirmation prompt:

To proceed with resetting the password for the user, select Reset Password. Otherwise, click Cancel to abort the operation.

#### **Realm Roles** #### **Available Roles** It lists all the Available Realm Roles that a user can be assigned to. It includes roles that are effectively designated but not explicitly assigned. #### **Assigned Roles** It consists of the Realm Roles that have already been assigned to the user. #### **Effective Roles** It encompasses all Realm Role Mappings. Certain roles may be derived from a mapped composite role.

If you want to move any of the Available Roles to Assigned Roles, select the Role and click on Add Selected.

If you want to delete any of the Assigned Roles, select the Role and then click on Remove Selected. #### **Client Roles**

Client roles are namespaces designated for clients, with each client having its own namespace. These roles are managed within the Roles tab specific to each client. You can assign the role to a particular client by selecting the preferred option from the dropdown menu.

#### **Group Membership** It includes Groups in which the user is a member. #### **View All Groups** If you want to see all the groups that the User belongs to, simply click on View All Groups. #### **Leave**

If you want to exit a specific Group of which the User is a member, select that particular group and click on Leave. #### **Available Groups** It includes all the groups that a User can join. #### **View All Groups** If you want to see all the Groups present within the Realm, which the User can join, click on View All Groups. #### **Join**

If you want the user to Join any specific Group, then select the Group Name and click on Join.

#### **Consents** This tab provides information about the clients to which the user has granted consent to access, including the default client scopes and any additional client scopes granted. #### **Client** It designates the name of the client or the client ID. #### **Granted Client Scopes** It specifies the client scopes assigned to that specific client. #### **Additional Grants** It specifies any additional grants permitted for that particular client. #### **Created** It indicates the time period during which this was created. #### **Last updated** It specifies the time period during which it was last updated. #### **Action** It represents the activities or operations executed by the user specifically within the context of this client.

#### **Sessions** Under Sessions, the admin can view the clients where this user has an active session along with the following details for each session. #### **IP Address** It indicates the IP Address associated with the session. #### **Started** It indicates the time at which the session was initiated. #### **Last Access** It represents the timestamp indicating the last access time of the session. #### **Clients** It denotes the clients that were most recently accessed during this session. #### **Actions** It denotes the activities or actions carried out by the user within the session. #### **Log out All sessions** To sign out of all active sessions for this specific user, select the option Log Out All sessions.

#### **Identity Provider Links** This section enables users to connect their accounts with other providers. #### **Create** Upon clicking Create, you will be directed to the screen below.

#### **Identity Provider**

This indicates the selected Identity Provider from the dropdown menu during the creation of the Identity Provider link. #### **Identity Provider User ID** This indicates the distinct ID of the user on the Identity Provider's end. #### **Identity Provider Username** This pertains to the user's username as registered on the Identity Provider's platform. #### **Save** Once you've entered the aforementioned details, to preserve the linking of the identity provider, select Save. #### **Reset** If you prefer not to apply the modifications, select Reset to discard them. On clicking on Save, you will be redirected to the below screen.

#### **Identity Provider Alias** It refers to the Identity Provider which was selected from the dropdown for Identity Provider while creating the Identity Provider link. #### **Provider User ID** This denotes the unique ID of the user within the Identity Provider's system. It specifies the Identity Provider User ID that was configured during the creation of the Identity Provider link. #### **Provider Username** This refers to the username of the user as recorded within the Identity Provider's system. It details the Identity Provider Username set during the setup of the Identity Provider link. #### **Actions** This comprises the available actions for managing the Identity Provider link, such as Delete. #### **Remove** If you no longer wish to maintain the Identity Provider links, click on Remove. Upon doing so, you'll receive a prompt below, seeking confirmation.

Choose Delete to proceed with deleting the Identity Provider Link, or select Cancel to retain it.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v1.0/guide-to-navigation/users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.