OneList maintains its own user accounts, which include the following information:

  • UserId - internal use for OneList;
  • UserName - a unique key for every user. This is mapped to the common user ID of the organization;
  • Profile - user profile, e.g. first name, last name, email;
  • Manager - optional, the user's reporting manager;

Linking OneList User with IdP and Source System User

For OneList to automatically surface tasks to a user, it needs to establish a link between the user's IdP login and his/her source system user id. The OneList username is the key in this link. The general process of identifying the value for the OneList username is:

  • Identify and agree on the common user identifier in the organisation. SAMAccountName and UPN are commonly used as the user id;
  • Identify the claim from the Identity Provider that holds the common user id;
  • Verify whether each source system can map its user accounts to this common user id. The adapter is responsible for producing the user mapping for OneList.

If a source system is unable to provide the user mapping, OneList will prompt the user to log on to that source system once before tasks are surfaced from that source system.

Where the user linkage is saved and how it is used

The link between the OneList user and the external user is saved in the ExternalLogin table in the RoleManager database.

  • When a user logs on via an external IdP, OneList uses the IdP's user id to find the OneList user id in the ExternalLogin table and grants access to the user;
  • When OneList receives a task from a source system, it uses the source system user id to find the OneList user id in the ExternalLogin table, then assigns the task to the OneList user. The reverse lookup is used to identify the source system user id when the user actions a task.

OneList user account creation

There are two scenarios in which a OneList user account is created:

  1. When a new task assignee is identified in a source system. In this case, the OneList Adapter queries OneList after every task upload to find out whether any users of that source system require linking to a OneList user account. If OneList returns a list of source system user ids, the OneList Adapter can post the full details of those users to OneList. OneList then creates a new user account if required and links the source system user id with the OneList user account. The prerequisite for this scenario is that the OneList Adapter has full information about the user account, including UserName and email.
  2. When a user logs on to OneList (via RoleManager) for the first time. In this case, the user either registers a new account (via the Register link on the login page) or is authenticated by the organisation's IdP. If an IdP is used, RoleManager goes through the external login process discussed above and creates a new user account if no existing user is found for the IdP user login.
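The forward lookup, reverse lookup and "requires linking" query described in the two sections above can be modelled as follows. This is an added example, not OneList or RoleManager code: the page names the ExternalLogin table but not its columns, so the column names, the function names and the sample rows are assumptions. It also assumes every lookup is scoped to the provider, so that an id issued by one system cannot resolve as an id of another.

```python
import sqlite3

# Hypothetical schema: only the table name comes from the page.
SCHEMA = """
CREATE TABLE ExternalLogin (
    Provider       TEXT NOT NULL,    -- IdP or source system name (assumed column)
    ExternalUserId TEXT NOT NULL,    -- user id as that provider knows it (assumed)
    UserId         INTEGER NOT NULL, -- OneList internal user id
    PRIMARY KEY (Provider, ExternalUserId)
);
"""

def open_db(rows):
    """Build an in-memory ExternalLogin table from (provider, ext_id, user_id) rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO ExternalLogin VALUES (?, ?, ?)", rows)
    return db

def find_onelist_user(db, provider, external_id):
    """Forward lookup: external id -> OneList UserId, or None if not linked."""
    row = db.execute(
        "SELECT UserId FROM ExternalLogin WHERE Provider = ? AND ExternalUserId = ?",
        (provider, external_id)).fetchone()
    return row[0] if row else None

def find_external_id(db, provider, user_id):
    """Reverse lookup, used when the user actions a task in OneList."""
    row = db.execute(
        "SELECT ExternalUserId FROM ExternalLogin WHERE Provider = ? AND UserId = ?",
        (provider, user_id)).fetchone()
    return row[0] if row else None

def users_requiring_linking(db, provider, assignees):
    """Source system ids seen on uploaded tasks that have no link yet."""
    return [a for a in assignees if find_onelist_user(db, provider, a) is None]

# Constructed sample data: one OneList user linked to an IdP and one source system.
SAMPLE = [("idp", "jsmith@example.com", 1), ("hr-system", "JSMITH01", 1)]
```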

Claims required from source system to setup OneList user profile
