Configure the service
This section provides an overview of how to configure Delegated User Management on the OneWelcome Identity Platform.

Review and update your organization data
Verify the setting for the default language under the General tab. Any content you define will be associated with this language. You can later add other languages and translate or adjust the tone to fit your organizational culture. For more information, see Settings.

Organise managed identities into static or dynamic structures
- A structure represents a logical organization of identities.
- The structure can be on a single level (flat) or on several levels (nested). Any identity can be part of one or more structures at any given time. Structures allow granular control over which identities and data specific roles can control. For more information, see Structures.

There are two main types of structures:
- Static: groups that are defined manually, for example employee and department. This step can be automated using rules and mass updates.
- Dynamic: groups that are inferred from the attributes already associated with an identity, for example country and city.

Configure applications
- Applications that are integrated with the OneWelcome Identity Platform provide single sign-on capabilities to its users.
- For the setup of pre-integrated applications, the options include:
  - Define application roles that are passed to the external application when the user logs in through single sign-on.
  - Organise applications into categories defined under Application categories.

For more information, see Applications.

Define roles
- Delegated User Management supports three types of roles:
  - Access roles provide access to applications for the users that have them assigned. The same role may provide access to one or more applications. During the single sign-on process, the platform passes to the application the application roles that were defined for it and that were selected while defining the role.
  - Admin roles provide access to the platform for users that have them assigned and, through it, to the other identities managed inside it. Access to other identities is controlled through entitlements that define the scopes (the list of identities that a user with a specific role may affect) and the actions that can be performed, including the option to delegate certain access rights to the identities in the scope.
  - Personal roles control what personal data a user may access on their own profile and what actions they can perform on it.
- While defining roles, keep in mind that any identity may have multiple roles.

For more information, see Roles.

Set up attribute- and structure-related rules
- Rules are the main mechanism for automating the assignment of roles, group membership or attribute value changes to identities. Through them, you set conditions on an identity belonging to specific group(s) or on one or more of its attribute values. When the conditions are met, the specified roles, groups or attributes are assigned to the identity.
- The rules engine works like a background system job that is triggered periodically. As a consequence, changes to users' roles may not be visible instantly.

If you need to assign, as a one-time action, specific roles to a large number of identities based on their membership of a specific group or on a specific set of attributes, use the Mass updates action under Users. For more information, see Rules.
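As an added example (not OneWelcome code or its API), the following Python models the concepts from the Define roles and rules sections: a nested structure, a dynamic group derived from attributes, one pass of the rules job assigning roles from group or attribute conditions, and an admin-role entitlement check that limits actions to identities inside the role's scope. All group, role, attribute and action names are constructed for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Identity:
    uid: str
    attrs: dict
    groups: set = field(default_factory=set)  # static groups, assigned directly
    roles: set = field(default_factory=set)
# Nested structure: child group -> parent group (constructed names).
PARENTS = {"sales-nl": "sales", "sales-de": "sales"}
# Dynamic groups are inferred from attributes, never assigned by hand.
DYNAMIC = {"country-NL": lambda attrs: attrs.get("country") == "NL"}

def groups_of(ident):
    """Effective membership: static groups, their ancestors, matching dynamic groups."""
    result = set(ident.groups)
    for g in list(result):
        while g in PARENTS:
            g = PARENTS[g]
            result.add(g)
    result |= {g for g, pred in DYNAMIC.items() if pred(ident.attrs)}
    return result

# Rules: a condition on group membership or attribute values -> the role it assigns.
RULES = [
    (lambda i: "sales" in groups_of(i), "crm-access"),
    (lambda i: i.attrs.get("manager") is True, "team-admin"),
]

def run_rules(identities):
    """One pass of the periodic rules job: assign roles whose conditions are met."""
    for ident in identities:
        for cond, role in RULES:
            if cond(ident):
                ident.roles.add(role)
# Admin-role entitlements: role -> (scope group, actions allowed inside that scope).
ENTITLEMENTS = {"team-admin": ("sales", {"read", "reset-password"})}

def allowed(actor, action, target):
    """Actor may act on target only via an admin role whose scope contains the target."""
    for role in actor.roles:
        scope, actions = ENTITLEMENTS.get(role, (None, set()))
        if action in actions and scope in groups_of(target):
            return True
    return False

# Constructed sample identities; run_rules stands in for the periodic job.
alice = Identity("alice", {"country": "NL", "manager": True}, {"sales-nl"})
bob = Identity("bob", {"country": "DE"}, {"sales-de"})
carol = Identity("carol", {"country": "NL"})
run_rules([alice, bob, carol])
```

Because the rules pass runs as a periodic job, a role assigned by `run_rules` only takes effect for `allowed` after that pass, which mirrors the delay the section describes.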

Define branded apps
Branded apps represent the applications that the organization owns and controls and whose identities are managed through OneWelcome IAM. For each such application the system generates a unique application URL (with several sub-domains to cater for different services and ways of access, such as self service, portal and API). For more information, see Branded apps.

Customise the user management portal
- Two major groups of settings facilitate user management:
  - Renaming, grouping and sorting the identities' attributes in the default language under Data -> Attributes.
  - Setting up data-value-conditioned rules based on group membership or attribute value conditions under Access -> Rules -> Data value conditioned.

Customise the platform look and feel
Under this menu item, there are options to configure (for each individual branded app) the look and feel of the platform (colours, logos). For more information, see Applications -> Branded apps.

Customise the data visualisation settings
This area controls what data the organization's employees and partners see in the Dashboard and Reports sections of the portal. Options include event processing and naming, event grouping, and display options for the entry (dashboard) page. Keep in mind that deactivating the processing of an event affects the entire platform (the respective event will not be processed at all). For more information, see Data -> Events.

Manage localisation
Use the translation module if you want to add multiple languages to cater for the needs of both the organization's employees and partners accessing the portal and the organization's customers accessing the self-service portal. For more information, see Translations.

Assign groups and roles to users
- The direct assignment of groups and roles to users is performed through the Users module. Search for the user, navigate to their Profile page, and make the required changes.
- Note that a user's roles or groups may also change through rules, mass updates, or changes triggered by their account condition (for example, several failed logins). For more information, see Users -> Management.
- Assign groups to users (direct assignment)
- Assign roles to users (direct assignment)