ONE Desktop ONE DQG ONE MDM ONE RDM ONE Runtime Server
latest (15.1.0) 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x
User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Users

Users identify people and services that have access to Ataccama ONE.

The user list is loaded from your identity management system. To view it, go to Global Settings > Users.

Users list overview
In this article, we assume the identity management system that you’re using is Keycloak.

Before you start

To access the application, users must be part of at least one group. See Groups.

You cannot create new users in ONE, only load them from your identity management system. See Manage users in Keycloak.

All changes made to user information in ONE apply only to ONE.

After modifying the list of users in ONE, you need to manually synchronize it with your identity management system. See Manage users in ONE.

Manage users in Keycloak

Prerequisites

The Ataccamaone realm is set up in Keycloak. This is done during the installation or upgrade of ONE.

To manage users and Keycloak roles, log in to Keycloak Admin Console as the Ataccamaone realm admin.

Typically, users and roles in Keycloak are loaded from other authentication services, such as Active Directory or LDAP. For more information about synchronization with Keycloak, see the official Keycloak documentation.

Create or edit users

  1. Log in to the Keycloak Admin Console and make sure the Ataccamaone realm is selected (1).

  2. Under Manage, go to Users (2).

  3. Select Add User (3) to create a new user or click the user ID to edit the configurations of an existing one.

    Keycloak user list

  4. Specify user Details, Attributes, and Credentials and view their Groups on the corresponding tabs.

    Keycloak add user

  5. Assign roles to the user on the identity provider Role Mappings tab:

    1. Select from Available Roles and click Add selected.

      For more information about managing roles in Keycloak, see Identity Provider Roles.
      Keycloak role mapping

  6. Make sure all user sessions for a particular user are ended after each role change (manual or inherited from group roles).

    For this, you need to log in to Keycloak Administration Console as Keycloak Administrator. Open the user configuration (Manage > Users) and on the Sessions tab select Log out all sessions.

Tips and tricks

View all users assigned to a role on the Roles > Users in the Role tab.

Keycloak view users with role

View all roles assigned to a user on the Users > Role Mappings tab.

Keycloak role mappings

Remove users

After a user is deleted from Keycloak, they can no longer log in to ONE with their credentials. However, to retain their activity history and drafts related to the deleted user, the user is not automatically removed from ONE but is instead marked as inactive.

If you want to delete the user profile from ONE as well, see Edit users in ONE.

To remove users from Keycloak, on the Users tab, select Delete for a particular user and confirm your choice.

Keycloak delete user

Manage users in ONE

Use ONE to synchronize with your identity management system manually when there are issues with automatic synchronization. You can also manage user information in ONE, but these changes cannot be propagated to your identity management system.

Check the Before you start section before proceeding.

Synchronization works only in one direction: from your identity management system to ONE. After you run the synchronization, the changes in your identity management tool override all changes in ONE.

We strongly recommend managing all users and roles in your identity management system.

To manage users in ONE or synchronize with your identity management system, go to Global Settings > Users.

ONE user list

Select a user from the list to view the assigned identity provider roles, groups, and governance roles. Expand the group to see which governance roles this user is assigned to and whether they have been assigned through the identity provider role (see Default group example) or directly to the user (see Data Office group example).

assigned groups and governance roles

Edit users in ONE

You can edit both the user metadata and the identity provider roles assigned to the user from the Global Settings > Users tab:

  • To edit an existing user description or name, select a user and then Edit. After you have finished making changes, select Save to apply them.

  • To manage identity provider roles that are assigned to a user, select a user and modify the list of roles as needed:

    • To add an identity provider role that was not yet assigned, select Add Role and choose a person from the list.

    • Expand the three dots menu to:

      Roles three dots menu options

      • Show details for a user.

      • Edit the identity provider role from the Roles tab.

      • Delete the role.

Remove users in ONE

To remove a user:

  1. Go to Global Settings > Users.

  2. Do one of the following:

    • Select one or more users and then Delete.

      Delete users

    • Open the user details and in the three dots menu select Delete.

  3. After you’re done editing, publish the changes.

Synchronize changes with IAM system

To synchronize changes between your identity management system and ONE, go to Global Settings > Users and select Update.

Synchronize changes

Once the changes are successfully synchronized, you receive a notification from the Processing Center.

Was this page useful?