User Management
The user management functions allow users to manage their authenticators.
Mandatory Server Settings
Setting | Value |
---|---|
ORG_ADMIN_USERNAME | <Org admin user of HID Authentication Service Tenant> (e.g., john.doe@abcorg.com) |
ORG_ADMIN_PASSWORD | <Password for the Org admin user> (e.g., Password01) |
KONY_APP_KEY | <App key of the fabric application> (e.g., h728h89031832jdy9292) |
KONY_APP_SECRET | <App secret of the fabric application> (e.g., 89bv2894673792003jy2) |
SERVICES_URL | https://<kony-account-host>/services |
PASSWORD_AUTHTYPE | <Static Password Authenticator> (e.g., AT_STDPWD) |
User Management Component Properties
Property Name | Purpose | HID Component name |
---|---|---|
isRMSEnabled | This property determines whether a Risk Management System (RMS) is active or not. | Radio Button (On/Off) |
Username | This property is used to set the username to the component. | |
Self-Service Component Functions
Method Name | Prerequisites | Input Parameters | Event | Purpose |
---|---|---|---|---|
getUserDevices | None | Username | getDevicesSuccess, getDevicesFailure | Display the devices associated with the user. |
editFriendlyName | getUserDevices | DeviceId, NewFriendlyName | EditFriendlyNameSuccess, error | Update the device friendly name. |
changeDeviceStatusOnClick | getUserDevices | DeviceId, Status | onUpdateDeviceStatusSuccess, onUpdateDeviceStatusFailure | Change the device status. |
changePasswordOnClick | None | Username, OldPassword, New Password | OnPasswordChangeSuccess, onPasswordChangeFailure | Change the user's password. |
registerApproveOnClick | None | Username | OnDeviceRegSuccess, onDeviceRegFailure | Register a new device for the user. |
onPollingSuccess | registerApproveOnClick | RegisterApproveOnClick response | | Poll whether the device registration was a success or failure. |
getPasswordPolicy | None | | OnPasswordPolicySuccess, onPasswordPolicyFailure | Get the instructions (password policy) for the new password while changing the password. |
Public Component Functions
Names | Purpose |
---|---|
loadUserManagement (Function) | Load the userDevices and Password policy. |
userName (Variable) | Pass the username to get userDevices and PasswordPolicy. |
unassignDevice (deviceId) | Unassign the device before deleting it. |
deleteDevice (deviceId) | Delete the device once it is successfully unassigned. |
Self-Service Processors
Names | Description | Used by (ServiceName-Operation) |
---|---|---|
SearchUserPreProcessor | It retrieves values from the configuration properties of "PASSWORD_AUTHTYPE" and applies them to the request. | UserManagementService - SearchUser |
SearchUserPostProcessor | Processes the output of the SearchUser API and adds an error flag to the request if noUserRecords, or if userActive is empty or has the flag FALSE. If the "authType" present in the request is not available in the authenticator (results of SearchUser), it updates the "AuthExists" flag to false. If it is present, it updates the flag to true. | UserManagementService - SearchUser |
GetPasswordPolicyPreProcessor | It retrieves values from the configuration properties of "PASSWORD_AUTHTYPE" and applies them to the request. | UserManagementService - getPasswordPolicy |
ChangePasswordPreProcessor | From the request, takes the values of "userExists", "AuthExists", "authType" and "userId". For both steps, updates "sequenceFailed" to true. Then adds "userId" and "id" (id = userId + "." + authType) to the input Map (request). | UserManagementService - changePassword |
ChangePasswordPostProcessor | Processes the output of "ChangePassword"; from the request, takes "ChangePasswordError" to "error", "opstatus". If "opstatus" is empty or 0, updates the "error" message to "errorMsgDetail", "sequenceFailed" to true and "status" to false. If there is no error, updates "status" to true. | UserManagementService - changePassword |
ChangePasswordOrchPostProcessor | From the request, takes the "sequenceFailed" flag. If this flag is true, shows "errorMsgDetail", "status" as false and "opStatus" as "-1". If the flag is false, shows the result. | ChangePassword - ChangePassword (Orchestration) |
CreateDevicePreProcessor | Calculates the start and expiry dates based on the current date and time and sets them in the request (inputMap). Takes the value of "DEVICE_TYPE" from the server settings and, if it is not empty, sets it in the request (inputMap). | ScimAPIs - createNewDevice |
CreateDevicePostprocessor | Takes the "DeviceId" value from the request; if the value is not present, keeps null. If "DeviceId" is empty, collects an error message named "detail_CreateDevice" from the request; if the error message is also empty, updates the error message to "Service Failed Please try again Later" and keeps the same in the request. | ScimAPIs - createNewDevice |
PasswordValidationPreprocessor | This preprocessor is to validate the customer password. | PasswordAuthServices\passwordValidation |
ClientBasePreprocessor | This preprocessor is to get the IDV token and put the value to the header. | PasswordAuthServices\passwordValidation |
OOBAuthenticatorPreprocessor | This preprocessor is to set the channelId and authType for request. | OTPServices\sendOOB, OTPServices\validateOOB |
SendOOBPostProcessor | This postprocessor is to check the service is executed successfully or failed. | OTPServices\sendOOB |
Self-Service Component Services
Object Services
ServiceName | DataModel | Mapping | Purpose | InputParams | Invoking |
---|---|---|---|---|---|
HIDUserManagement | ChangePassword | ChangePwd | Change the user's password. | userName, Password | ChangePassword > changeUserPassword |
HIDUserManagement | DeviceRegistrationPolling | deviceRegistrationPolling | Poll if the device registration was a success or failure. | deviceId | HIDPollConsensus > getHIDDeviceRegistrationStatus |
HIDUserManagement | PasswordPolicy | getPolicy | Get the password policy instructions. | authType | UserManagementService > getPasswordPolicy |
HIDUserManagement | RegisterDevice | getProvisioningMsg | Register a new device for the user. | userName, DeviceId, usernameWithRandomNo | ApproveDeviceRegistrationOrch > getInviteCode |
HIDUserManagement | SearchDevices | SearchDevices | Display the user's devices. | username, userId | SearchDevices > searchDevices |
HIDUserManagement | UpdateDeviceName | updateFriendlyName | Update the device friendly name. | deviceId, friendlyName | UserManagementService > updateDeviceFriendlyName |
HIDUserManagement | UpdateDeviceStatus | updateDeviceStatus | Update the device status. | deviceId, status | ScimAPIs > updateDeviceStatus |
HIDUserManagement | AssignUnassignDevice | assignUnassignDevice | Unassign the device before deleting it. | username, deviceId, status | AssignUnassignDevice > assignUnassignDevice |
HIDUserManagement | DeleteDevice | deleteDevice | Delete the selected device. | deviceId | DeleteDevice > deleteDevice |
HIDAuthService | ValidatePassword | validatePassword | Validate the password. | username, password | PasswordAuthServices > passwordValidation |
HIDAuthService | ValidateOTP | validateOtp | Second factor check to validate the OTP. | username, password, authType | OTPServices > validateOOB |
HIDAuthService | OTPRequest | sendOTP | Send the OTP to the registered mobile number. | username, AuthenticationType | OTPServices > sendOOB |
HIDUserManagement | FIDORegistration | getRegistrationOptions | It will fetch the configuration options to create FIDO credentials. | username | FIDOOrch > getCredentialOptions |
HIDUserManagement | FIDORegistration | registerCredential | It will register the user with FIDO Authenticator. | username, request_uri, id, rawId, clientDataJSON, attestationObject, csrf | FIDO > registerCredential |
HID Fabric Services
Names | Operation Name | Service Type | Description |
---|---|---|---|
UserManagementService | SearchUser | Integration | Performs a user search. |
UserManagementService | changePassword | Integration | Performs a user password change. |
ChangePassword | ChangePassword | Orchestration | Orchestration for changing the password. |
UserManagementService | getPasswordPolicy | Integration | Displays the password policy. |
SearchServices | SearchUserAuth | Integration | |
SearchServices | SearchDeviceAuth | Integration | |
SearchDevices | searchDevices | Orchestration | |
ScimAPIs | createNewDevice | Integration | Creates a new DeviceId. |
ScimAPIs | updateDevice | Integration | Updates the owner of the device during the HID Approve device registration request. |
DeviceProvisionJava | getProvisonMsg | Integration | Java code to generate a device provisioning message. |
ApproveDeviceRegistrationOrch | getInviteCode | Orchestration | |
HIDPollConsensus | getHIDDeviceRegistrationStatus | Integration | Java code to perform polling while registering a device. |
HIDUserManagement | DeviceRegistrationPolling | Orchestration | Orchestration for polling. |
UserManagementService | updateDeviceFriendlyName | Integration | |
ScimAPIs | updateDeviceStatus | Integration | |
AssignUnassignDevice | assignUnassignDevice | Integration | Assign or unassign a device. |
DeleteDevice | deleteDevice | Integration | Delete a device associated with the provided deviceId. |
OTPServices | sendOOB | Integration | Sends an OOB (SMS/Email) OTP to the user. |
OTPServices | validateOOB | Integration | Validates the OOB (SMS/Email) OTP. |
PasswordAuthServices | passwordValidation | Integration | Validates the user's static password. |
customHIDLoginWithoutMFA | - | Identity | End-user authentication with MFA validation |
Refer to the Risk Management System - Non-financial flow section for RMS services.
Troubleshooting Fabric Services
Refer to troubleshooting the User Management Fabric Services.