
The User object represents a physical user of the system. It differs from an account, as an account represents a data structure in a target system. One user will typically have many accounts. Properties of the User object describe the user as a person. The User object will usually be extended with employee details or customer details, but we define only a handful of the most common properties now. Other properties, which vary from implementation to implementation, can be defined in the schema extension (in the "extension" element).

Properties

The User object contains the following properties:

| Property | Type | Description |
|---|---|---|
| fullName | PolyString (optional) | Full name of the user with all the decorations, middle name initials, honorific title and any other structure that is usual in the cultural environment that the system operates in. This element is intended to be displayed to a common user of the system. Examples: cpt. Jack Sparrow, William "Bootstrap" Turner, James W. Random, PhD., Vladimir Iljic Lenin, Josip Broz Tito, Chuck Norris |
| givenName | PolyString (optional) | Given name of the user. It is usually the first name of the user, but the order of names may differ in various cultural environments. This element will always contain the name that was given to the user at birth or was chosen by the user. Examples: Jack, Chuck |
| familyName | PolyString (optional) | Family name of the user. It is usually the last name of the user, but the order of names may differ in various cultural environments. This element will always contain the name that was inherited from the family or was assigned to a user by some other means. Examples: Sparrow, Norris |
| additionalName | PolyString (optional) | Middle name, patronymic, matronymic or any other name of a person. It is usually the middle component of the name, however that may be culture-dependent. Examples: Walker, John, Iljic |
| nickName | PolyString (optional) | Familiar or otherwise informal way to address a person. The purpose of this property is to take part in the formatted full name of the person, e.g. William "Bootstrap" Turner. It is not intended to be used as a username or login name. This value is usually changeable by the user and it defines how the user wants others to address them. Examples: Bootstrap, Bobby |
| honorificPrefix | PolyString (optional) | Honorific titles that go before the name. Examples: cpt., Ing., Sir |
| honorificSuffix | PolyString (optional) | Honorific titles that go after the name. Examples: PhD., KBE |
| title | PolyString (optional) | User's title defining a work position or a primary role in the organization. Examples: CEO, Security Officer, Assistant |
| preferredLanguage | string (optional) | Indicates the user's preferred language, usually for the purpose of localizing user interfaces. The format is the ISO 639-1 two-letter language code and the ISO 3166-1 two-letter country code separated by an underscore. If not specified, the system default locale is assumed. Examples: en_US, sk_SK |
| locale | string (optional) | Defines the user's preference in displaying currency, dates and other items related to location and culture. The format is the ISO 639-1 two-letter language code and the ISO 3166-1 two-letter country code separated by an underscore. If not specified, the system default locale is assumed. Examples: en_US, sk_SK |
| timezone | string (optional) | User's preferred timezone. It is specified in the "tz database" (a.k.a. "Olson") format. If not specified, the system default timezone is assumed. Examples: Europe/Bratislava |
| emailAddress | string (optional) | E-mail address of the user. This is the address that is supposed to be used for communication with the user. E.g. the IDM system may send notifications to the e-mail address. |
| telephoneNumber | string (optional) | Primary telephone number of the user. |
| employeeNumber | string (optional) | Unique, business-oriented identifier of the employee. Typically used as a correlation identifier and for auditing purposes. Should be immutable, but the specific properties and usage are deployment-specific. |
| employeeType | string (optional) | Employee type specification such as internal employee, external or partner. The specific values are deployment-specific. |
| costCenter | string (optional) | The name of the cost center. |
| organizationalUnit | PolyString (optional) | Name or (preferably) immutable identifier of an organizational unit that the user belongs to. Deployment-specific. |
| locality | PolyString (optional) | Primary locality of the user, the place where the user usually works, the country, city or building that the user belongs to. Deployment-specific. |
| credentials | CredentialsType (optional) | The set of the user's credentials (such as passwords). This is a container type for various credential types: passwords, public keys, one-time password scheme identifiers, etc. However, we expect that a password will be the most widely used credential type, and it is also the only supported type. |
| activation | ActivationType (optional) | User's activation, e.g. enable/disable status, start and end dates, etc. The content of this property determines whether the user should be regarded as active or inactive (e.g. disabled). |
| assignment | AssignmentType (optional, multi) | Set of the user's assignments. Represents objects (such as roles) or accounts directly assigned to a user. Represents that the user should have something. See Assignment. |
| accountRef (account) | ObjectReference (AccountType) (optional, multi) | Reference to accounts that this user owns, or an embedded account object (see Object References). This property specifies the linked accounts, that is, the accounts that midPoint thinks the user really has. It may be different from what the user should have as represented by assignments (see above). |

User Examples

Minimal User
<user>
    <name>jack</name>
    <fullName>Jack Sparrow</fullName>
    <givenName>Jack</givenName>
    <familyName>Sparrow</familyName>
</user>
Rich User
<user>
    <name>morgan</name>
    <fullName>Admiral Sir Henry Morgan</fullName>
    <givenName>Henry</givenName>
    <familyName>Morgan</familyName>
    <nickName>Barbadosed</nickName>
    <honorificPrefix>Admiral Sir</honorificPrefix>
    <title>Privateer</title>
    <preferredLanguage>en_GB</preferredLanguage>
    <locale>en_GB</locale>
    <timezone>America/Jamaica</timezone>
    <emailAddress>morgan@gov.jm</emailAddress>
    <telephoneNumber>+1 876 555 5555</telephoneNumber>
    <employeeNumber>1</employeeNumber>
    <employeeType>FTE</employeeType>
    <organizationalUnit>Government</organizationalUnit>
    <organizationalUnit>Navy</organizationalUnit>
    <locality>Jamaica</locality>
    <credentials>
        <password>
            <protectedString>
                 <clearValue>shiverM3t1mb3rz</clearValue>
            </protectedString>
        </password>
    </credentials>
    <activation>
         <enabled>true</enabled>
    </activation>
</user>
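
A pre-import check for user XML files, written against the property descriptions above (an added example, not part of the original page and not midPoint's own code). The function name `lint_user`, the sample document and the rule that a missing employeeNumber is reported are assumptions made for this example; the locale check tests only the shape of the value, not whether the language and country codes exist.

```python
import re
import xml.etree.ElementTree as ET

# Shape documented above: two-letter language, underscore, two-letter country.
LOCALE_RE = re.compile(r"[a-z]{2}_[A-Z]{2}")
LOCALE_PROPS = ("preferredLanguage", "locale")

# Constructed sample, not taken from any real deployment.
SAMPLE = """<user>
    <name>constructed</name>
    <preferredLanguage>sk_SK</preferredLanguage>
    <locale>en_US.UTF-8</locale>
    <credentials><password><protectedString>
        <clearValue>constructed-secret</clearValue>
    </protectedString></password></credentials>
</user>"""


def local(tag):
    """Drop a '{namespace}' prefix so bare and namespaced files both work."""
    return tag.rsplit("}", 1)[-1]


def lint_user(xml_text):
    """Return (property, message) findings for one <user> document."""
    root = ET.fromstring(xml_text)
    props = {}
    for child in root:
        props.setdefault(local(child.tag), []).append((child.text or "").strip())
    findings = []
    for prop in LOCALE_PROPS:
        for value in props.get(prop, []):
            if not LOCALE_RE.fullmatch(value):
                findings.append((prop, f"{value!r} is not language_COUNTRY"))
    # Assumed local policy: employeeNumber is optional in the schema, but
    # without it there is no correlation or audit identifier.
    if not any(props.get("employeeNumber", [])):
        findings.append(("employeeNumber", "no correlation/audit identifier"))
    # A clearValue anywhere in the document is a password readable in the file.
    for el in root.iter():
        if local(el.tag) == "clearValue" and (el.text or "").strip():
            findings.append(("credentials", "password present as clearValue"))
    return findings


if __name__ == "__main__":
    for prop, message in lint_user(SAMPLE):
        print(f"{prop}: {message}")
```

The standard-library parser expands internal entities, so for files from an untrusted source a hardened parser such as defusedxml is the safer choice.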

Accounts and Assignments

Please see the Assignment and Assigning vs Linking pages.
