Users
Users identify people and services that have access to Ataccama ONE.
The user list is loaded from your identity management system. To view it, go to Global Settings > Users.
In this article, we assume the identity management system that you’re using is Keycloak.
Before you start
To access the application, users must be part of at least one group. See Groups.
You cannot create new users in ONE, only load them from your identity management system. See Manage users in Keycloak.
All changes made to user information in ONE apply only to ONE.
After modifying the list of users in ONE, you need to manually synchronize it with your identity management system. See Manage users in ONE.
Manage users in Keycloak
Prerequisites
The Ataccamaone realm is set up in Keycloak.
This is done during the installation or upgrade of ONE.
To manage users and Keycloak roles, log in to Keycloak Admin Console as the Ataccamaone realm admin.
Typically, users and roles in Keycloak are loaded from other authentication services, such as Active Directory or LDAP. For more information about synchronization with Keycloak, see the official Keycloak documentation.
Create or edit users
- Log in to the Keycloak Admin Console and make sure the Ataccamaone realm is selected (1).
- Under Manage, go to Users (2).
- Select Add User (3) to create a new user or click the user ID to edit the configurations of an existing one.
- Specify user Details, Attributes, and Credentials and view their Groups on the corresponding tabs.
- Assign roles to the user on the identity provider Role Mappings tab:
  - Select from Available Roles and click Add selected.
    For more information about managing roles in Keycloak, see Identity Provider Roles.
- Make sure all user sessions for a particular user are ended after each role change (manual or inherited from group roles).
  For this, you need to log in to Keycloak Administration Console as Keycloak Administrator. Open the user configuration (Manage > Users) and on the Sessions tab select Log out all sessions.
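
The session cleanup in the last step can also be scripted against the Keycloak Admin REST API, so that a role change is never left with live sessions still carrying the old roles. This is an added example, not code from the Ataccama or Keycloak documentation; the helper names and the host and user names are assumptions, and `base_url` must include any context path (such as `/auth`) that your Keycloak version uses.

```python
import json
import urllib.parse
import urllib.request

# Illustrative helpers (names are assumptions, not part of ONE or Keycloak).

def http_json(method, url, token=None, form=None):
    """Send one request and return the decoded JSON body (None if empty)."""
    # An explicit empty body makes body-less POSTs carry Content-Length: 0.
    data = urllib.parse.urlencode(form).encode() if form else (
        b"" if method == "POST" else None)
    req = urllib.request.Request(url, data=data, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def admin_token(base_url, admin_user, admin_password, send=http_json):
    """Get an access token for a Keycloak administrator via the admin-cli client."""
    url = base_url + "/realms/master/protocol/openid-connect/token"
    form = {"grant_type": "password", "client_id": "admin-cli",
            "username": admin_user, "password": admin_password}
    return send("POST", url, form=form)["access_token"]


def end_all_sessions(base_url, realm, token, username, send=http_json):
    """Log out every session of `username` in `realm`; return the user's ID."""
    query = urllib.parse.urlencode({"username": username, "exact": "true"})
    users_url = f"{base_url}/admin/realms/{urllib.parse.quote(realm)}/users"
    matches = send("GET", users_url + "?" + query, token=token) or []
    # Older servers may ignore `exact` and return prefix matches, so filter
    # again and refuse to act unless exactly one account matches.
    exact = [u for u in matches
             if u.get("username", "").lower() == username.lower()]
    if len(exact) != 1:
        raise LookupError(f"expected one user named {username!r}, found {len(exact)}")
    user_id = exact[0]["id"]
    # Same effect as "Log out all sessions" on the user's Sessions tab.
    send("POST", f"{users_url}/{user_id}/logout", token=token)
    return user_id
```

Call `admin_token(...)` once with the Keycloak Administrator credentials, then call `end_all_sessions(base_url, "Ataccamaone", token, username)` for each user whose roles changed, including users who inherited the change through a group.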
Remove users
After a user is deleted from Keycloak, they can no longer log in to ONE with their credentials. However, to retain their activity history and drafts related to the deleted user, the user is not automatically removed from ONE but is instead marked as inactive. If you want to delete the user profile from ONE as well, see Edit users in ONE.
To remove users from Keycloak, on the Users tab, select Delete for a particular user and confirm your choice.
Manage users in ONE
Use ONE to synchronize with your identity management system manually when there are issues with automatic synchronization. You can also manage user information in ONE, but these changes cannot be propagated to your identity management system.
Check the Before you start section before proceeding.
Synchronization works only in one direction: from your identity management system to ONE. After you run the synchronization, the changes in your identity management tool override all changes in ONE. We strongly recommend managing all users and roles in your identity management system.
To manage users in ONE or synchronize with your identity management system, go to Global Settings > Users.
Select a user from the list to view the assigned identity provider roles, groups, and governance roles. Expand the group to see which governance roles this user is assigned to and whether they have been assigned through the identity provider role (see Default group example) or directly to the user (see Data Office group example).
Edit users in ONE
You can edit both the user metadata and the identity provider roles assigned to the user from the Global Settings > Users tab:
- To edit an existing user description or name, select a user and then Edit. After you have finished making changes, select Save to apply them.
- To manage identity provider roles that are assigned to a user, select a user and modify the list of roles as needed:
  - To add an identity provider role that was not yet assigned, select Add Role and choose a person from the list.
  - Expand the three dots menu to:
    - Show details for a user.
    - Edit the identity provider role from the Roles tab.
    - Delete the role.
Remove users in ONE
To remove a user:
- Go to Global Settings > Users.
- Do one of the following:
  - Select one or more users and then Delete.
  - Open the user details and in the three dots menu select Delete.
- After you’re done editing, publish the changes.