Managing Personas

About User Persona

In TrustBuilder, User Persona represents a business role, a mandate, a qualification or a capacity of a person, a device or an application and is associated with a single user profile. TrustBuilder fosters the model whereby every user has one and only one User Profile, which may be associated with one or more User Personas. Personas helps to clearly separate these activities for the users convenience and/or for security reasons.

A User Profile can be associated with one or more personas.

For example, Alice Purple can be a staff member and also a customer of the same company. Alice only needs one user profile. Her user profile will be associated to two personas corresponding to the two roles she can play (staff member and customer).

When users log in, they select a specific persona (or use default persona). TrustBuilder policies use the selected persona to decide whether certain activities can be granted or not. During a valid session, the users can switch to another persona when relevant or required. The authorization policy may specify whether switching from one persona to another requires additional authentication.

Custom attributes operate as secondary storage to maintain (cache) additional user info and derived attributes in customizable attributes, which may be linked to any of the above mentioned levels: top level, provider level and persona level.

The following persona attributes are pre-defined and available in every persona, and some may be updated, imported, and exported.

Persona object

The composite personas attribute represents one of the business roles registered for the user that has been added by the user, has been added by an administrator, or has been uploaded. To an end-user, a specific persona object inside a user profile is uniquely identified with the combination type and scope. To a system, a specific persona object of a user profile is uniquely identified with the id.

Name	Type	Description	Searchable?	Editable?	Importable?
`id`	uuid	Is system-generated and uniquely identifies this instance of the persona object across all user profiles and all personas	Y	N	N
`persona_definition_id`	string	Refers to the definition of the persona type. The persona defiiton includes the `name` to denote the persona and any additional custom attributes.	Y	Y	Y
`scope`	array of string	Contains info about a user that refines and limits the persona.type, in case of multiple occurrences, e.g. member of a specific team or employee at a specific company.	Y	Y	Y
`is_preferred`	boolean	Indicates whether this persona is the default when logging in the user. Allows the UX to start without explicit persona selection to be made by the user.	Y	Y	Y
`entitlements`	array of string	info about a user that may influence a user's access, e.g. subscriptions, permission-sets, access-groups, or application-roles, referred to by their name.	Y	N	Y
`email`	string	The user's email address to be used for communicating with the user regarding this persona	Y	Y	Y
`valid_from`	date time	Date & time (in UTC ISO 8601) indicating as of when the persona is legally valid, subject to persona_status	Y	Y	Y
`valid_till`	date time	Date & time (in UTC ISO 8601) indicating till when the persona is legally valid, subject to persona_status	Y	Y	Y
`status`	`status` object	the status of the persona assignment for this user	Y	N	Y
<custom attributes>	array of `attribute`	Persona-related attributes defined by the customer - please refer to User attributes.	Y	Y	Y

Status object

The status of an attribute is represented as a composite object containing following elements. The status reflects the last state of the persona according to a state transition diagram. States change from one state into another after certain conditions are met. For example, a newly created persona has the status “pending” until an administrator approved it, after which it will get the status “accepted.”

Name

Type

Description

Searchable?

Editable?

Importable?

current

string

The custom name referring to the actual status of the attribute. For example:

pending – when the attribute is first created/added or updated
accepted – when another user accepted the claimed attribute
confirmed – when an authoritative system or the holder confirmed it
rejected – when the attribute is rejected by another user or a system
suspended – when use of the attribute is temporarily suspended
deactivated – when use of the attribute is no longer possible

Y

N

Y

set_at

date time

System-generated timestamp (in UTC ISO 8601) indicating when the status was last changed [in a future release]

Y

N

Y

set_by

string

The UUID of the user causing the latest status change, or the client_id of the application that caused it [in a future release]

Y

N

Y

Add a persona to a User profile

You can add a persona to an existing User Profile.

From the admin portal:

Go to User Management > Users
Click on the edit button for the relevant User attribute.
Go to Personas tab > +Add Persona
Select a persona and click on Select.
You can set the persona as preferred Persona.
Click on Save.

The Persona is successfully added to the User Profile.