docs/users.md
15 additions & 4 deletions
@@ -6,7 +6,16 @@ There are two different types of users:
6
6
-[External users](#external-users) which are linked by an authenticated method to an external user/identity with a claim. The users are authenticated in an external Identity Provider and the users can be [redeemed](#provision-and-redeem) based on e.g. an `email` claim.
7
7
8
8
## Internal users
9
-
Internal users can be authenticated in all [login](login.md) authentication methods in an environment, making is possible to [customize](customization.md) the login experience e.g., depending on different [application](connections.md#application-registration) requirements.
9
+
Internal users can be authenticated in one or more [login](login.md) authentication methods in an environment, making is possible to [customize](customization.md) the login experience e.g., depending on different [application](connections.md#application-registration) requirements.
10
+
11
+
Internal users support three user identifiers; email, phone number and username. The user identifiers is the username part when a user login with username and password.
12
+
You can select to only use one user identifier or them all.
13
+
14
+
Only phone number as user identifier.
15
+

16
+
17
+
Both email, phone number and username as user identifier.
18
+

10
19
11
20
### Create user
12
21
Depending on the selected [login](login.md) authentication method's configuration, new users can create an account online.
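Review bot: The added paragraph at new line 11 introduces three user identifiers (email, phone number, username) but does not say whether each identifier must be unique within an environment, or whether an email or phone number has to be verified before it can be used to log in. Both points decide who can sign in as whom, so please state them here or link to where they are documented. The change from "all" to "one or more" login authentication methods at new line 9 also leaves open how an internal user is limited to a subset of methods; one sentence on where that is configured would help. Wording on the touched lines: "making is possible" should be "making it possible", "The user identifiers is the username part when a user login" should be "The user identifier is the username part when a user logs in", and "Both email, phone number and username" lists three items, so drop "Both".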
@@ -20,7 +29,8 @@ And is then asked to fill out a form to create a user.
20
29

21
30
22
31
The page is composed by dynamic elements which can be customized per [login](login.md) authentication method.
23
-
In this example the create user page is composed by a Full name element and the default required Email and password element, ordered with the Full name element at the top.
32
+
In this example the create user page is composed by a Given name element and a Family name element and a Email element and a Password element, ordered with the Full name element at the top.
33
+
The Email element is a user identifier used to login.
24
34
25
35
This is the configuration in the [login](login.md) authentication method. Moreover, the claim `some_custom_claim` is added to each user as a constant in the [claim transformation](claim-transform).
26
36
@@ -32,9 +42,10 @@ Internal users can be created, changed and deleted with the [Control Client](con
32
42

33
43
34
44
### Multi-factor authentication (MFA)
35
-
Multi-factor authentication can be required per user. The user will then be required to authenticate with a two-factor authenticator app in a [login authentication method](login.md#two-factor-authentication-2famfa) and to configure the authenticator app if not already configured.
45
+
Two-factor / multi-factor authentication can be required per user. The user will then be required to authenticate with a two-factor based on SMS, email or authenticator app and to register a authenticator app if not already registered.
36
46
37
-
It is possible to see whether a two-factor authenticator app is configured for the user, and the administrator can deactivate the configured two-factor authenticator app.
47
+
It is configurable which two-factor authentications should be available per user and per [login authentication method](login.md#two-factor-authentication-2famfa).
48
+
You can see whether a two-factor authenticator app is registered for on the user, and the administrator can deactivate the configured two-factor authenticator app.
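Review bot: New line 45 says the user authenticates with a second factor based on SMS, email or authenticator app "and to register a authenticator app if not already registered", which reads as if authenticator app registration is forced even when SMS or email is the allowed factor. State when registration is required, for example only when the authenticator app is the available method for that user. New line 47 says availability is configurable per user and per login authentication method but not which setting wins when the two disagree; document the precedence, since it determines whether a weaker factor can be used for a user who is meant to be restricted to the authenticator app. New line 48 only covers viewing and deactivating the authenticator app; say whether the administrator can also see or reset the SMS and email factors. Wording: "a authenticator app" should be "an authenticator app", and "registered for on the user" should be "registered for the user".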