Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

OneWelcome Identity Platform
- Explore Thales Docs

IDAAS core
User journey orchestration
Consent and preference management
Delegated user management
- Getting started
- Roles
- Rules
- User management
- Self service page
- Data
- APIs
- Apps
- Jobs
- Reports
Externalized authorization
Identity broker
Mobile identity
Mobile SDK
API references
Release notes and FAQ
Integrations

All

All

IDAAS core

Identity store and data model

IDAAS core
Tenants and brands
Identity store and data model
SCIM API
- SCIM schemas
- SCIM user management
- SCIM user attributes
- SCIM API versions
Credential store
- Email address management
- Password management
- Password migration
Tokens
- Access tokens
- ID tokens
- Refresh tokens
- Access token API
- Token introspection API
Authentication
- Client authentication methods
- Step-up authentication
- Custom authenticators
- Authentication FAQ
Custom registration
- Custom registration examples
- QR registration example
- Stateless custom registration
- Custom registration API v1
- Custom registration v2
- Back-channel communication API
OAuth 2.0 and OpenID Connect
- OAuth 2.0 and OpenID Connect API
- Proof Key for Code Exchange
- Dynamic client registration API
- OAuth client authentication methods
- Device flow
- OAuth OIDC error handling
- OAuth 2.0 and OpenID Connect setup
- OpenID Connect
- OpenID Connect authentication
- OpenID Connect scopes and claims
- User claims and attributes
- OpenID provider configuration
- ID token encryption
- iFrame session monitoring
  - Relying party iFrame
  - End session API
  - Session management APIs
- Relying party examples
- OAuth endpoints
- Discovery API
- JSON Web Key Set API
- User information API
- OAuth configuration
- OAuth consent API
Web clients
- Web clients API
- Migration of web clients with hashed secrets
- Resource owner password credentials
Web hooks
- Web hooks configuration API
API rules
Notification API
Event store
- Audit events
- Audit log
- Events API
- Excluded events
- Security events
Securing resources
User session API
User management
Uniquely identify guests
Email overview

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

OneWelcome Identity Platform
IDAAS core
Identity store and data model

Identity store and data model

The identity and access (IDAAS) core includes an identity store for storing all information related to the user. The identity store doesn't include credential information, which is instead stored in the credential store.

The identity store's data model is based on the SCIM specification and supports multiple SCIM schemas. To provide maximum flexibility and support any attributes that you need, you can create additional schemas. You can manipulate the identity records through the SCIM API with fine-grained authorizations.

Identity store

Schemas

The OneWelcome Identity Platform (OIP) provides a flexible data model that supports three schema types:

SCIM core schema: All attributes in the core schema come from the SCIM specification, which is an industry-standard specification for managing identities. It includes attributes such as first name, last name, email address, username, and so on.
OneWelcome Identity Platform schema extension: This schema extension consists of the OneWelcome Identity Platform proprietary attributes, such as state, tenant, and so on. These attributes are essential for the core to work with the identity apps in the platform, such as consent, mobile identity, and user delegated manager. You cannot edit the OneWelcome Identity Platform schema.
Tenant schema extension: You can bring your data model, including the attribute names, data validations, and other data types that your organization uses in the ecosystem. The identity store supports automated value assignment, configuration portability, and validation portability. If you have attributes with specific validations, you can include the validations with those attributes.

Schema examples

The example shows excerpts from both the OneWelcome schema extension and the tenant schema extension. The OneWelcome schema example includes the Google identifier, and the tenant schema example includes a car insurance policy number.

custom schema

Assign values automatically

The automated value assignment enables you to define rules where a specific attribute is automatically assigned a value based on different triggers. For example, when you create or update a user, you can also define the condition.

In the following example, when you create a user, and the value for username is empty, the username is automatically populated based on a specific expression.

identity store schema

Metadata

In addition to the attributes, the identity store includes metadata based on NIST 8112. The metadata provides the necessary context for understanding the value of the actual attribute. For example, the metadata stores when the attribute was created and last updated, but also stores what processing purpose the user consented to, where the data came from, and what the trust level is.

On this page

OneWelcome Identity Platform

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Support Contacts
Legal
- End User License Agreement
- Terms of Service

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com