User Profiles
A User Profile in TrustBuilder.io represents an entity like a person, device, or application. It stores personal details needed for access control.
TrustBuilder.io recommends each user have one User Profile, which can link to various accounts for different systems. Users log in with one User Profile. During login, users can choose a persona or use a default persona. Each user profile has a unique id. Users identify themselves with a unique username.
The user profile is stored in the Users database. It is accessible via the /users and /userinfo API endpoints. API provides user details as a JSON object with attributes from various sources, mainly a NoSQL database.
The TrustBuilder user profile can be composed of different elements:
Common attributes: Basic information, like identifier, username, first name, last name, and latest login timestamp.
Custom Attributes: Additional user information stored in customizable attributes.
Personas: Different roles or personas linked to the profile.
Third-Party Attributes: Attributes from other identity providers (e.g., Google, Facebook) are not directly editable and not stored permanently to avoid privacy risks. These attributes can prefill registration forms and are refreshed each time the user logs in.
Detailed User Profile Information
Name | Type | Description | Searchable? | Editable? | Importable? |
|---|---|---|---|---|---|
Profile identification | |||||
| uuid | Is system-generated and uniquely refers to the user profile. It is guaranteed to be unique within the realm of the customer. Importing allows user records to be synchronized across multiple systems without using mapping tables. | Y | N | Y |
| string | The name used by the user to identify their profile. This can look like an email address, a phone number, a full name separated with dots, a nickname, a customer-number, etc. It shall be unique within the customer’s realm. It can be copied from the user_id of the preferred_idp. | Y | Y | Y |
| string | Id that uniquely identifies the person at the customer, such as CRM contact-id, personnel_number, etc. | Y | Y | Y |
| array of | Contains info about the different roles a user can play in the context of your service registered (see fields defined below). | Y | N | Y |
Personal characteristics | |||||
| string | The user's family name, normalised from the connected IdPs in a given priority order. | Y | Y | Y |
| string | The user's given name, normalised from the connected IdPs in a given priority order. | Y | Y | Y |
Preferences | |||||
| string | End-User's preferred language(s) for the user interface, represented as an array of BCP47 [RFC5646] language tag values, ordered by preference. Only the first language is considered. For example | Y | Y | Y |
| string | The user's email address to be used for communicating with the user for notifications, requests, and other service-related matters | Y | Y | Y |
| boolean | Indicates whether the user has confirmed their email address for service communications. | Y | N | Y |
System-generated attributes | |||||
| date time | System-generated timestamp (in UTC ISO 8601) indicating when the user last logged in. If a user is blocked and logs in, the blocked session updates last_login. If you are using this property from inside a Rule using the user< object, its value will be associated with the login that triggered the rule; this is because rules execute after login. | Y | N | N |
| date time | System-generated timestamp (in UTC ISO 8601) indicating when the user profile was first created. | Y | N | N |
| date time | System-generated timestamp (in UTC ISO 8601) indicating when the user's profile was last updated/modified. Changes to last_login are considered updates, so most of the time, updated_at will match last_login. | Y | N | N |
Example user profile
{
"id": "B67425562B52417FAB73",
"username": "jan.janssen",
"created_at": "2022-05-17T11:29:05",
"family_name": "Janssen",
"given_name": "Jan",
"ui_locales": "fr-FR",
"preferred_email": "jan.janssen@gmail.com",
"email_verified": TRUE,
"personas": [
{
"id": "E1F425562B52417F87BA",
"name": "consumer",
"status": "ACTIVE"
},
{
"id": "9DD425562B52417F981C",
"name": "customer_employee",
"scope": [ "chemco" ],
"status": "PENDING"
}
]
}How to manage User Profiles?
TrustBuilder enables a user profile to be created independently of any back office system.
The User Profiles can be created and edited:
using the TrustBuilder admin portal
using TrustBuilder Admin API (See Developer guide)
by a user using self-registration from the self-service portal
Create a User profile
To create a user profile for someone from TrustBuilder admin portal:
Go to Identity Management > Users
Click on + Add User
Enter the Email, First Name, Last Name
Enter the Username.
The user will authenticate using the username. This has to be unique across the tenant. TrustBuilder will raise an error if an attempt is made to create or update a user profile with a username that is already in use (even if it is used by a blocked user profile). For example, this can look like an email address, a phone number, a full name separated with dots, a nickname, a customer-number.Click on Save.
The User Profile is successfully created. You can now edit the user profile to link it to Identity Providers and Personas, and add Consents.
A Universally Unique Identifier (UUID) is system-generated and uniquely refers to the user profile.
For each created User Profile, a principal (the entity that can be authenticated - usually a User) is automatically created in the TrustBuilder system Identity Provider. By default, the User Profile is linked to this principal.
Edit a User Profile
To edit a User Profile for someone from the admin portal:
Go to Identity Management > Users.
Click on Edit for the relevant User profile.
In the General tab, you can edit the Email, the first and last names and the Username.
In the Provision tab, the available Identity Providers are listed (see Identity Providers to know more). For each Identity Provider (depending on the IdP type), you can perform the following actions:
Link / Unlink the Identity Provider to the User Profile → Allow or disallow the user to authenticate using this Identity Provider
(Only for System IdP) Set the Password for this Identity Provider → Set a password for this User Profile to authenticate using this Identity Provider. Password can be any combination of letters (upper and lower case), numbers, and symbols (ASCII-standard characters only).
We recommend that you let users set their own password. Creating a user profile initiates an email confirmation process in which user will be invited to set a password.(Only for System IdP) Show provisioning details (requires provisioned status) → Display user login and password details
In the Consents tab, add Consents if needed (see Consents to know more).
In the Personas tab, add Personas if needed (see Personas to know more).
Click on Save and Close.
The User Profile is successfully updated.
Delete a User Profile
To delete a User Profile from the admin portal:
Go to Identity Management > Users
Click on the relevant user (or on the three dots).
Click on Delete.
In the pop-up, click on Delete to confirm the action.
The User Profile is successfully deleted. You may have to refresh the page to see it disappear from the list of user profiles.