What Is a User in Ztrust?
User in Ztrust is a digital identity that represents a person or entity in the platform; That can:
Be assigned roles (permissions)
Have attributes (e.g. name, email, department)
Use credentials (passwords, OTP, etc.) for authentication
Fig 3.4.a: List of available users Within the Users section, new users can be generated.
Additionally, you can view or modify various attributes associated with the user accounts.
You can use the search box to find a specific user.
Click the Refresh button to see the latest settings.
Fig 3.4.b: Refresh button to load the newly added or registered users You can also choose how many users you want to display on one screen. Select your preferred option from the dropdown menu as shown above.
Fig 3.4.c: Choose how many users you want to display on one screen You have two options for searching users: default search and attribute search.
Default search: This is the basic search feature where you can search through any part of the data.
Attribute search: After selecting Attribute search, you'll be prompted to choose the attribute with which you want to search for the user.
Fig 3.4.d: Search user based on data or attribute You can choose the specific key and value of the user/users you wish to search for.
Fig 3.4.e: Search user based on attribute After entering the Key-Value pair and clicking on the checkmark icon, you will be presented with the users matching that criteria.
You can select a specific user by checking the checkbox next to their name. If you wish to delete one or multiple users simultaneously, select the respective user/users and click on Delete user.
Fig 3.4.f: Option to delete user If you want to delete a single user, you can also click on the three dots next to that particular user and select the Delete option.
Upon selecting Delete, you will receive a prompt asking for confirmation, as shown below.
Fig 3.4.g: Conformation to delete the user If you wish to remove the user, click on Delete. Otherwise, click Cancel.
To generate a new user, click on Add User.
If you need guidance, refer to the steps mentioned under Creation of User.
Fig 3.4.h: Creation of a new user tab The Username, Email, First Name and Last Name can be edited or modified.
Required User Actions
Fig 3.4.i: Available required actions It includes the actions which the user needs to perform after logging in.
For example - verify Email sends an email to the user to verify their email address. Update Profile requires the user to update their profile.
This is a toggle button. When enabled (toggled ON), it enables the verification of a user's email address. When disabled (toggled OFF), the user's email address is not verified.
This is the name used by the user during creation.
It can also be used for logging into ZTrust.
The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust.
The user's First Name or the First Name provided during registration.
The Last Name provided by the user during registration, or the user's last name.
Fig 3.5.j: ContactNumber attribute This setting enables you to join different groups for the specific user.
Clicking on Join Groups will prompt the following:
Fig 3.4.k: List of groups to join user You can search for a specific group using the search box.
You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.
Fig 3.4.l: choose how many groups you want to display on one screen Select the desired group by checking the checkbox next to it. After selecting the group, click on Join.
After clicking on Join, you will be directed to the screen below.
Fig 3.4.m: Selecting the group, click on Join You will see the group that you have joined for that specific user.
By clicking on the 'x' symbol, you can remove this user from the group.
If you've entered the details and wish to create a user, click on Create.
If you decide not to create a user, click on Cancel to discard the changes.
After clicking on Create, you will be directed to the screen below.
It is generated automatically once a user is created.
It indicates the time period when the user was created.
Required User Actions
Fig 3.4.o: Available required actions It includes the actions which the user needs to perform after logging in.
For example - verify Email sends an email to the user to verify their email address. Update Profile requires the user to update their profile.
This is a toggle button. When enabled (toggled ON), it enables the verification of a user's email address. When disabled (toggled OFF), the user's email address is not verified.
This is the name used by the user during creation.
It can also be used for logging into ZTrust.
The user's provided Email address during registration or in case the user has been created by the Admin. It can also be used for logging into ZTrust.
The user's First Name or the First Name provided during registration.
The Last Name provided by the user during registration, or the user's last name.
This attribute, created as needed, refers to the user's contact number.
Fig 3.4.p: User demo2 with no credentials In the Credentials tab, the administrator can set up the password for the user.
Additionally, the Admin user has the ability to delete or reset the user's password.
Upon selecting Set password, you will receive the prompt below.
Fig 3.4.q: Set the password for demo2 Enter the password that you wish to set for the end user.
Password Confirmation
Re-enter the password to confirm that it matches the one set previously.
This toggle button, when enabled (toggled ON), requires the user to change the password at the next login.
When toggled OFF, the user is not required to change the password.
You can toggle it ON or OFF according to your requirements.
After making changes, if you want to save the credentials, click on Save.
Upon clicking Save, you will receive the following prompt asking for confirmation.
Fig 3.4.r: Conformation to save the password Click on Save password if you want to save the credentials, otherwise click on Cancel.
If you decide not to save the credentials, click on Cancel.
After saving the credentials, you will be presented with the screen below.
Fig 3.4.s: demo2 user with credentials This indicates the type of credential, such as password or OTP (One-Time Password).
This refers to the label assigned by the user to identify the credential when presented as an option during login.
You can assign any value to it that aids in recognizing the credential.
It indicates the time period when the user was created.
This represents the technical details of the credential, which are not confidential.
By default, this information is hidden.
You can reveal the data for a credential by clicking on Show data…
Upon clicking on Show data…, you will be presented with a prompt containing the following details.
Fig 3.4.t: Password metadata These are mathematical functions that transform plaintext passwords into unique, fixed-size outputs known as hashes. These hashes are subsequently stored in databases.
It indicates how many times a password is hashed before being stored in the database.
Fig 3.4.u: Option to delete the password Fig 3.4.v: Reset password form In the Reset Password section, the Admin user can reset the password for the user.
In this tab, the Admin can configure the Password for the selected user.
Password Confirmation
The same Password must be entered again here to ensure accuracy in setting up the password.
When enabled (toggled ON), the user is required to change the password upon the next login. When disabled (OFF), the user is not prompted to change the password on the next login but can do so at their convenience.
As an Admin, when setting up a password for an end user and providing the necessary details as indicated above, you can save the password by clicking on Save.
Upon clicking Save, you will receive the following confirmation prompt:
Fig 3.4.w: Conformation to reset the password To proceed with resetting the password for the user, select Reset Password. Otherwise, click Cancel to abort the operation.
If the credentials are no longer required, choose Delete to remove them.
You can move the credentials up and down (by dragging the rows up and down) as per the priorities.
Fig 3.4.x: List of avaliables roles You can use the search box to find a specific role.
Hide inherited roles
Selecting this checkbox hides inherited roles, preventing you from seeing roles inherited from composites. To view inherited roles, simply uncheck this option.
Click the Refresh button to see the latest settings.
Fig 3.4.y: Choose how many roles you want to display on one screen You can also choose how many roles you want to display on one screen. Select your preferred option from the dropdown menu as shown above.
It includes the list of all the different roles that are already defined in ZTrust.
This pertains to roles explicitly assigned to users and those inherited from composite roles. It can have two values: True (indicating the role is inherited from composites) or False (indicating it is not inherited from any composite role).
It refers to the description for the role which will aid you in identifying its purpose.
This field can be localized by specifying a substitution variable with ${var-name} strings.
Fig 3.4.z: Option to unassign roles Upon clicking the three dots, you'll encounter the option to unassign the role for that specific user. After selecting Unassign, you will receive the following prompt asking for confirmation.
Fig 3.4.Aa: Confirmation to remove the role
Click on Remove to unassign the role, or click on Cancel to keep it assigned.
Fif 3.4.Ab: List of assigned roles You can select the checkbox for the specific role you want to assign with this role. Click on the checkbox to select the role, then click on Assign role.
Fig 3.4.Ac: Demouser in no groups added It includes Groups in which the user is a member.
To make the user a member of a specific group, select Join Groups.
Clicking on Join Groups will prompt the following:
Fig 3.4.Ad: Join demo user in avalible groups You can search for a specific group using the search box.
Fig 3.4.Ae: choose how many groups you want to display on one screen You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.
Fig 3.4.Af: Select the group to assign the user Select the desired group by checking the checkbox next to it. After selecting the group, click on Join.
After clicking on Join, you will be directed to the screen below.
Fig 3.4.Ag: User is assigned to group You will see the group that you have joined for that specific user.
Click the Refresh button to see the latest settings.
Direct membership
This is useful if the user belongs to a child group.
By selecting this checkbox, you can directly see the child group the user is a member of. If the checkbox is unchecked, it will display both the child group and the parent group the user is part of.
You can search for a specific group using the search box.
Fig 3.4.Ah: Choose how many groups you want to display on one screen You can also choose how many groups you want to display on one screen. Select your preferred option from the dropdown menu as shown above.
Group membership
It specifies the name of the group.
It specifies the path where the group is present.
Fig 3.4.Ai: Path where the group is present If you wish to remove the user from the group, click on Leave.
After clicking on Leave, you will receive the following prompt asking for confirmation.
Fig 3.4.Aj: Confirmation to leave the user from group Click on Leave to remove the user from that group, or click on Cancel to keep them in the group.
To remove the user from multiple groups at once, select each group by clicking the checkbox next to it. Then, click Leave.
Fig 3.4.Ak: To remove the user from multiple groups at once A confirmation prompt will appear.
Fig 3.4.Al: Confirmation prompt will appear Click on Leave to confirm the removal, or click Cancel to abort.
Fig 3.4.Am: User has granted consent to access This tab provides information about the clients to which the user has granted consent to access, including the default client scopes and any additional client scopes granted.
Identity Provider links
Fig 3.4.An: Users to connect their accounts with other providers This section enables users to connect their accounts with other providers.
Fig 3.4.Ao: Active sessions tab Under Sessions, the admin can view the clients where this user has an active session along with the following details for each session.
Fig 3.4.Ap: Option to enable and desable the user When enabled (toggled ON), the user can log in.
If disabled (turned OFF) for any particular user, login access is restricted for that user.
This refers to the actions that can be performed on a user account, such as Impersonate or Delete.
Fig 3.4.Aq: Option to impersonate or delete the user Clicking on Impersonate allows you to log in as that user.
If the user is in the same realm as yours, your current session will be logged out before logging in as that user.
The user can be deleted on clicking the Delete button.
Fig 3.3.Ar: Conformation to delete the user Upon clicking Delete, you will receive a prompt as depicted above, requesting confirmation. Click Delete to remove that specific user, or click Cancel to retain them.
