User management
The OneWelcome Identity Platform manages the users' access to the mobile applications that they have installed. There are a few ways to view or manage user actions. For example, on the administration console, you can search for a user to get an overview of all actions that a user has performed and what information is stored for that user.
The OneWelcome Identity Platform itself does not manage user personal data such as name, email, and so on. It merely consumes incoming data that is given to the OneWelcome Identity Platform during user authentication. The authentication mechanism must ensure that all communication for a user (user ID) refers to the same user, and that this ID is unique. The user identifier is therefore also the identifier that is used to find information about a specific user.
User information on the admin console
On the admin console, you can get user information in the Users section. The admin console provides an overview of the events and data for a user. To see user data, you need to enter the user identifier for a specific user.
Latest events
Shows the latest 20 events for a user. More detailed filtering can be applied in the Activity section. To access the Activity section, you need to have either the admin or operator role.
OAuth consent
Shows the clients and scopes for which the user has given consent.
Access tokens
Shows the currently known access tokens for the user. Expired or revoked tokens are cleaned up automatically. When a refresh token is issued, the application to which this token was issued can refresh it based on either the user PIN or fingerprint, depending on the token type that is refreshed.
Access grants
This section is empty unless a client has not yet exchanged the access grant for an access token. This can occur when a client is configured improperly or when a device is suffering from network connectivity issues.
Mobile devices
Shows the mobile devices that a user has connected with the OneWelcome Identity Platform. It also shows the application to which this mobile registration is linked.
Admin console users with the admin role are allowed to modify the mobile devices of a user.
Disconnect user from device
This option disconnects the user from a mobile device. The functionality can be triggered per row item (via the Action drop-down in the Actions column) and per user (via the Action drop-down above the table).
Disconnecting a user from a device forces the user to enroll for the application again before they can use it. Other users using this same device are not affected by the disconnect operation. When using the disconnect operation, the client credentials of the device are not removed.
Revoke mobile authentication
This option is only available if the user has activated a device for mobile authentication. The functionality is triggered from the Action drop-down.
When the mobile authentication is revoked, the user can no longer use the mobile device for authentication. To enable mobile authentication again, the user needs to enroll on a mobile device. This option also revokes the activation for push notifications for this user on this device.
Revoke push notifications
This option is only available if the user has activated a device for mobile authentication with push notifications. The functionality can be triggered from the Action drop-down.
When the push notifications are revoked, the user can no longer use the mobile device for authentication with push messages. They can still use the mobile device for other types of mobile authentication that do not require push messaging. To enable push notifications again, the user needs to enroll for push on a mobile device.
Delete mobile device
This deletes mobile devices for a user. The functionality can be triggered per row item (from the Action drop-down in the Actions column) and per user (from the Action drop-down above the table).
When a user's device is deleted, all users connected to the device are disconnected and must enroll again before they can use the application. A list of users connected to the device is shown before the delete action can be approved. The delete operation removes the client credentials of the device; when the application is used again, it is registered as a new client.
Manage users with the API
All endpoints contained within the end user API are secured via an API client. To configure an API client, see API configuration.
The end-user API allows you to perform get and delete actions for the following user-specific data: