...
- UserId - internal use for OneList;
- UserName - a unique key for every user. This is mapped to the common user ID of the organization;
- Profile - user profile, e.g. first name, last name, email;
- Manager - optional, the user's reporting manager;
Linking OneList User with IdP and Source
...
System User
For OneList to automatically surface tasks to a user, it needs to establish the link described above between the user's IdP login and the user's source system user id. The OneList UserName is the key in this link. The general process for identifying the value of the OneList UserName is:
...
If a source system is unable to provide the user mapping, OneList prompts the user to log on to that source system once before tasks from that source system are surfaced.
Where the user linkage is saved and how it is used
The link between a OneList user and an external user is saved in the ExternalLogin table in the RoleManager database.
- When a user logs on via an external IdP, OneList uses the IdP's user id to find the OneList user id in the ExternalLogin table and grants access to that user;
- When OneList receives a task from a source system, it uses the source system user id to find the OneList user id in the ExternalLogin table, then assigns the task to that OneList user. The reverse lookup is used to identify the source system user id when the user actions a task.
OneList user account creation
There are two scenarios in which a OneList user account is created:
- When a new task assignee is identified in a source system. In this case, the OneList Adapter queries OneList after every task upload to find whether any user of that source system requires linking to a OneList user account. If OneList returns a list of source system user ids, the OneList Adapter posts the full details of those users to OneList. OneList then creates a new user account if required and links the source system user id with the OneList user account. The prerequisite for this scenario is that the OneList Adapter has full information about the user account, including UserName and email.
- When a user logs on to OneList (via RoleManager) for the first time. In this case, the user either registers a new account (via the Register link on the login page) or is authenticated by the organisation's IdP. If the IdP is used, RoleManager goes through the external login process discussed above and creates a new user account if no existing user is found for the IdP user login.
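The ExternalLogin lookups (forward and reverse) and the two account-creation scenarios above, modelled as an added Python example. This is not OneList, RoleManager or OneList Adapter code: the page names the ExternalLogin table but not its columns, so the (provider, external user id) -> UserId row shape, the provider names, the in-memory store and all function names are assumptions. It also assumes that the IdP's nameidentifier claim carries the organisation's common user ID (the OneList UserName) and that the truncated emailaddress row of the claims table maps to the Email profile field; the claim type URIs themselves are the ones listed in that table.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Claim type URIs as listed in the page's claims table. Mapping emailaddress to the
# Email profile field is an assumption (that table row is truncated on the page).
CLAIM_NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
CLAIM_GIVENNAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
CLAIM_SURNAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
CLAIM_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


@dataclass
class OneListUser:
    user_id: int
    user_name: str  # unique key; the organisation's common user ID
    first_name: str = ""
    last_name: str = ""
    email: str = ""
    tasks: List[str] = field(default_factory=list)


class RoleManagerDb:
    """In-memory stand-in for the RoleManager database (constructed for this example)."""

    def __init__(self) -> None:
        self.users: Dict[int, OneListUser] = {}
        self.by_user_name: Dict[str, int] = {}
        # ExternalLogin rows: (provider, external user id) -> OneList UserId (assumed shape).
        self.external_login: Dict[Tuple[str, str], int] = {}
        # Tasks whose source user id has no ExternalLogin row yet: source -> ext id -> tasks.
        self.pending: Dict[str, Dict[str, List[str]]] = {}
        self._next_id = 1

    def get_or_create_user(self, user_name: str, **profile: str) -> OneListUser:
        """UserName is the key: reuse an existing account rather than create a duplicate."""
        uid = self.by_user_name.get(user_name)
        if uid is not None:
            return self.users[uid]
        user = OneListUser(self._next_id, user_name, **profile)
        self._next_id += 1
        self.users[user.user_id] = user
        self.by_user_name[user_name] = user.user_id
        return user

    def link(self, provider: str, external_id: str, user_id: int) -> None:
        self.external_login[(provider, external_id)] = user_id

    def user_id_for(self, provider: str, external_id: str) -> Optional[int]:
        """Forward lookup: external user id -> OneList user id."""
        return self.external_login.get((provider, external_id))

    def external_id_for(self, provider: str, user_id: int) -> Optional[str]:
        """Reverse lookup, used when the user actions a task in OneList."""
        for (prov, ext_id), uid in self.external_login.items():
            if prov == provider and uid == user_id:
                return ext_id
        return None


def profile_from_claims(claims: Dict[str, str]) -> Dict[str, str]:
    """Map the claim types in the page's table onto OneList profile fields."""
    return {
        "first_name": claims.get(CLAIM_GIVENNAME, ""),
        "last_name": claims.get(CLAIM_SURNAME, ""),
        "email": claims.get(CLAIM_EMAIL, ""),
    }


def idp_login(db: RoleManagerDb, idp: str, claims: Dict[str, str]) -> OneListUser:
    """Logon via the organisation's IdP: find the linked user, else create/link by UserName."""
    idp_user_id = claims[CLAIM_NAMEID]
    uid = db.user_id_for(idp, idp_user_id)
    if uid is not None:
        return db.users[uid]
    # Assumption: the IdP's nameidentifier is the common user ID, i.e. the OneList UserName.
    user = db.get_or_create_user(idp_user_id, **profile_from_claims(claims))
    db.link(idp, idp_user_id, user.user_id)
    return user


def receive_task(db: RoleManagerDb, source: str, source_user_id: str, task: str) -> Optional[int]:
    """Task upload from a source system: assign if linked, otherwise hold until linked."""
    uid = db.user_id_for(source, source_user_id)
    if uid is None:
        db.pending.setdefault(source, {}).setdefault(source_user_id, []).append(task)
        return None
    db.users[uid].tasks.append(task)
    return uid


def unlinked_source_users(db: RoleManagerDb, source: str) -> List[str]:
    """The adapter's post-upload query: which source user ids still need a link?"""
    return sorted(db.pending.get(source, {}))


def adapter_post_users(db: RoleManagerDb, source: str, users: List[Dict[str, str]]) -> List[int]:
    """Adapter posts full user details; OneList creates accounts if required, links them
    and delivers the tasks that were held for them."""
    linked = []
    for claims in users:
        source_user_id = claims[CLAIM_NAMEID]  # becomes UserName, per the claims table
        user = db.get_or_create_user(source_user_id, **profile_from_claims(claims))
        db.link(source, source_user_id, user.user_id)
        user.tasks.extend(db.pending.get(source, {}).pop(source_user_id, []))
        linked.append(user.user_id)
    return linked
```

The held-task queue is the part worth checking in a real deployment: a task whose assignee has no ExternalLogin row must not be silently dropped, and the adapter's query after each upload is what drains that queue. Note that because UserName is the join key, a user who first appears via the IdP and later via a source system ends up with one account and two ExternalLogin rows, not two accounts.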
Claims required from the source system to set up the OneList user profile
Claim Type | Source System Value | OneList User |
---|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | Source system user id | UserName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | First name | FirstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Surname | LastName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
...