This documentation is for WSO2 Identity Server 5.1.0. View documentation for the latest release.
Configuring Users - Identity Server 5.1.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

To enable users to log into the IS Management Console, you create user accounts and assign them roles, which are sets of permissions. You can add individual users or import users in bulk. The following sections list out the various ways to configure your users.

 

Adding a new user and assigning roles 

Follow the instructions below to add a new user account and configure its role.

  1. On the Main tab in the Management Console, click Add under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click Add New User. The following screen appears.
     
  4. Do the following:
    1. In the Domain list, specify the user store where you want to create this user account. This includes the list of user stores you configured. See Configuring the Realm for more information.
    2. Enter a unique user name and the password that the person will use to log in. By default, the password must be at least five characters.
    3. Click Next. Click Finish here if the following step is not relevant.
  5. Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.
  6. Click Finish.

A new user account is created with the specified roles and is listed on the Users page.

Creating users using the ask password option

See the Creating users using the ask password option page for guidance on user creation using the ask password option.

Create user using SCIM

Instead of creating the user through the management console, it can also be done using a SCIM request as seen below.

 In the request, you can avoid giving the password of new user by enabling ask password option and giving the email address of the user in the request so that the user will get an email to that email address for confirming the account and setting the password.

Request
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","password":"password","emails":[{"primary":true,"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
Response
{"id":"0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","emails":[{"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}],"meta":{"lastModified":"2016-01-25T11:44:14","location":"https://localhost:9443/wso2/scim/Users/0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","created":"2016-01-25T11:44:14"}} 
Create user using SOAP
The user can also be created by calling the RemoteUserStoreManager service.
  1. Open the following Admin Service from SOAP UI : https://localhost:9443/services/RemoteUserStoreManagerService?wsdl  
  2. Call the addUser() method to create the user and make sure to give the email address of the user similiar to the SOAP request below: 

    SOAP Request
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
       <soapenv:Header/>
       <soapenv:Body>
          <ser:addUser>
    
             <ser:userName>username</ser:userName>
    
             <!--Zero or more repetitions:-->
             <ser:roleList>admin</ser:roleList>
    
             <!--Zero or more repetitions:-->
             <ser:claims>
                <xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI>
                <xsd:value>wso2demomail@gmail.com</xsd:value>
             </ser:claims>
    
             <ser:profileName>default</ser:profileName>
    
             <ser:requirePasswordChange>true</ser:requirePasswordChange>
          </ser:addUser>
       </soapenv:Body>
    </soapenv:Envelope>

    There will be no SOAP response as this is a one way SOAP operation. You can check successful creation of the user account using the management console by clicking Users and Roles>Users>List under the Configure section.

Importing users

In addition to manually adding individual users, you can import multiple users in bulk if you have exported them to a comma-separated values (.csv) file or Microsoft Excel (.xls) file.

Note the following before you use this feature: 

  • If the option to import users in bulk is not enabled in your product by default, you can enable it by adding the following property to the JDBC user store configured in the user-mgt.xml file (stored in the <PRODUCT_HOME>/repository/conf directory). Please see the User Store management section for more information.

    <Property name="IsBulkImportSupported">true</Property>
  • It is recommended to upload a maximum of 500,000 users at a time. If you need to upload more users, you can upload them in separate batches of 500,000 each.
  • You can also specify the size of the file that you can upload to the product in the <PRODUCT_HOME>/repository/conf/carbon.xml file using the TotalFileSizeLimit element as shown below. This value is in MB.

    <TotalFileSizeLimit>100</TotalFileSizeLimit>

Creating a file with users

You must first create a CSV file or an Excel file with the user information. It is possible to import the username and password directly from the CSV/Excel to the product. Other user attributes can be imported if claim URls are defined for such attributes. Shown below are the claim URls that are defined be default in WSO2 IS. These will allow you to import the user's email addresscountrygiven name etc. in addition to the username and password.

  • http://wso2.org/claims/country
  • http://wso2.org/claims/emailaddress
  • http://wso2.org/claims/givenname
  • http://wso2.org/claims/im
  • http://wso2.org/claims/lastname
  • http://wso2.org/claims/mobile
  • http://wso2.org/claims/organization
  • http://wso2.org/claims/role
  • http://wso2.org/claims/streetaddress
  • http://wso2.org/claims/telephone
  • http://wso2.org/claims/url

The username, password and other attributes (claim URls) that you import should be given in a CSV file as shown below. Note that the first line of the file will not be imported considering that it is not a username.

UserName,Password,Claims
name1,Password1,http://wso2.org/claims/emailaddress=name1@gmail.com,http://wso2.org/claims/country=France
name2,Password2,http://wso2.org/claims/emailaddress=name2@gmail.com,http://wso2.org/claims/country=France
name3,Password3,http://wso2.org/claims/emailaddress=name3@gmail.com,http://wso2.org/claims/country=France

In WSO2 IS, you can choose to leave the password empty as shown by the third line in the below sample file. To use this option, you need to first enable the Ask Password option for the server.

UserName,Password,Claims
name1,Password1,http://wso2.org/claims/emailaddress=name1@gmail.com,http://wso2.org/claims/country=France
name2,Password2,http://wso2.org/claims/emailaddress=name2@gmail.com,http://wso2.org/claims/country=France
name3,,http://wso2.org/claims/emailaddress=name3@gmail.com,http://wso2.org/claims/country=France

Importing users from the CSV/Excel file

To import users in bulk:

  1. Log in to the management console.
  2. Click Add under Users and Roles in the Configure menu.
  3. In the Add Users and Roles screen, click Bulk Import Users.
  4. The user stores configured for your product will be listed in the Domain field. Select the user store to which you want to import the users from the list.
  5. Click Choose File to give the path to the CSV/Excel file that contains the users that you want to import.
  6. Click Finish to start importing.

The default password of the imported users is valid only for 24 hours. As the system administrator, you can resolve issues of expired passwords by logging in as the Admin and changing the user's password from the User Management -> Users page. The 'Everyone' role will be assigned to the users by default.

Searching for users

Once you have added a user in the Identity Server, you can search for the user by doing the following.

  1. On the Main tab in the Management Console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. The following screen appears.
    You can search for users by doing one of the following.
    • Search by Domain
      1. Select the user store that the user resides in using the Select Domain dropdown.
      2. Enter the user name of the user and click Search Users. For users to be listed, you must use the exact name of the user, or use a username pattern by including *. For example, if you have a user named Don, you can either search for this user by searching for "Don", or you could search for "D*" to list out all the users with names beginning with D.
      3. The user is displayed in the list.

    • Search by Claim
      1. Select the relevant claim URI from the Select Claim Uri dropdown and enter the claim value in the user name field. 
      2. Click on Search Users

Customizing the user's roles and permissions

Each role specifies a set of permissions that the user will have when assigned that role. After creating a user, you can assign  roles for that user by clicking Assign Roles in the Actions column. To see or remove roles of a user, click View Users next to the role.

You can also customize which permissions apply to this user by clicking View Roles in the Actions column of the Users screen and then selecting the permissions from each role that you want this user to have. 

Customizing a user's profile

Each individual user has a profile that can be updated to include various details. To do this, click User Profile on the Users screen. Make the changes required and click Update.

You can also add multiple profiles for a user. Claim Management can be used to update the details that are shown in the User Profile page. 

Note: You can only add new profiles if you are connected to a JDBC user store. You also need to have administrator privileges.

Do the following in order to add new profiles.

  1. On the Main tab in the Management Console, click List under Users and Roles.  
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click the User Profile link.
  4. You can add multiple profiles using the Add New Profile link and create any number of profiles for your user as long as the user is located in a JDBC user store.

Changing a user's password

You can change your password or reset another user's password (if you have administrative privileges) using the management console. 

  1. On the Main tab in the management console, click List under Users and Roles.
  2. To change your own password, click  Change My Password , enter your current password and new password, and click  Change .
  3. If you are an admin user and need to  change another user's password (such as if they have forgotten their current password and need you to reset it), do the following:
    1. Click Users.
    2. Find the user's account on the Users screen and click Change Password in the Actions column.
    3. Enter a new temporary password and click Change. By default, the password must be at least five characters and should have at least one character with a capital letter, characters, numbers and special characters.
    4. Inform the user of their new temporary password and instruct them to log in and change it as soon as possible.

Deleting an existing user 

 Follow the instructions below to delete a user.

Deleting a user cannot be undone.

  1. On the Main tab in the Management Console, click List under Users and Roles.  
  2. Click Users. This link is only visible to users with the Admin role. 
  3. In the Users list, click Delete next to the user you want to delete, and then click Yes to confirm the operation.
Related Topics
  • No labels