User Administration

In the user list we can add, edit and delete both user and organizations. All users belong to an organization and the system will by default always have an organization called “Root” that can neither be edited nor deleted. This does although not mean that all users will be able to see this organization.

all user

The user list shows a list of users organized by their organizational relationship. The first level any user will see in the user list is the organization that he or she belongs to. Users in that level will thus include that user as well as all his colleagues in the same organization. The user will not be able to go to organizations at higher levels and see which users exist here. This is one of the security features that make it possible to have multiple organizations using one instance of Safewhere*Identify.

In the user list, a user can perform the following actions in the in-line menu:

all user 2


The ‘Set password’ option allows user to change the password without opening the user form. This option is activated when the setting ‘Offer manual update of users’ passwords on user form’ on System setup is set to True.

all user 3

“Send password” sends an email contains the password reset link to the mailbox of the selected user.

To look for users in lower organizational levels, simply navigate using the organizational links (in the case above we can “drill down” in the organization via the links Custom Claim Org and Org2).

In the top pane, we will find some action buttons.

all user 4

Using the “New” button we can add both Organizations and Users.

Using the “Search User” button (under Tools) we can search the list of users using advanced filters.

Using the “Mass Update” button (under Tools) we can update multiple users of an organization at the same time.

The three features are explained in the following sections

The search user page shows the list of claims that a user can have set. To apply any of the filters you will need to click the Use checkbox next to the filter, which means that it will be used when searching. If more filters are applied, all of their conditions need to be met in order for the users to be returned.
The filters are stored in the session so that the search displays latest results for the session – this is then automatically reset when closing the browser. To reset the filters during the session, click the ‘Reset search preferences’ button.

Search user

The two filters that will exist regardless of site are:

Identify name: Uses the logic that the parameter, inserted into the search field, is equal to or part of a user’s Safewhere*Identify name for that user to be returned

User status: Here you basically have the options of including all enabled or all disabled users.

Besides this, it will be possible to search using the claim types that are added to Safewhere*Identify as filters. Discrete claim and free claim are handled as follows:

Free claim: Uses the logic that the parameter, inserted into the search field, is equal to or part of a user’s claim type value for the free claim for that user to be returned

Discrete claim: When searching for discrete claim you can choose between three different query logic that specify what the selection of possible options in the filter means in terms of returning users. The three different options are:

  • User has all the checked options => selects all users that have the checked options. They may have more than the checked options, but this we will not care about.
  • User has at least one of the checked options => selects all users that have at least one of the checked options.
  • User has none of the checked options => Filters out users that have none of the checked options

Mass update user

The mass update user functionality makes it even easier to manage a large user base. Take a situation where a new access role is added to a [/glossary]claim[/glossary]. Having to open and edit 100s of users would be a huge task. It is now possible to do in seconds by simply selecting those users using the advanced search feature and then using mass update to grant the claim role for them. Mass update also offers ways to remove values for an array of users in one go.

In order to update users we first need to select the users from the user list. It is not possible to select users across pages or organizations for mass update. Select using the checkbox row, then click the Mass Update button.

mass update 1

This will bring up the mass update dialog. The dropdown will list all the claim types that can be updated. By default, free claim is just listed by its name alone, while discrete claim has one item in the drop down for each option. In other words, we must select each discrete claim type option to update individually.

mass update 2

In the above dialog, we have chosen the option “ClaimAdmin” from the claim type “Access to Identify*Admin”. We then have the option to either remove or add the selection of this option for the selected array of users.

When we choose a free claim type, the mass update dialog will also offer a value field.

mass update 3

Select the value that you would like the selected array of users to have.

After having added all the values that the selected array of users should be updated to, click the “Mass update” button. The users will be updated.

User form

Let’s also have a look at the form for adding and editing users.

user form

On the user form all claims of a user will be shown, but for the exception that if a discrete claim has the setting “Avoid upside” activated, the viewing users will not see options of discrete claims that they themselves do not have access to.

Identify Name: Should be set to the name that the user will be known by in Safewhere*Identify, preferably the user’s full name.

Enabled: If a user is disabled he will not be granted access to any Relying Party of Safewhere*Identify, neither to the Identify*Admin application.

Upload user’s certificate: Allow user to upload certificate files which contain public keys (*.cer; *.crt). When upload is successful, the thumbprint of the certificate will be saved under the claim type defined by the property “STS Default Certificate Claim Type” on the System Setup tab.

Manually update user password: Specifies whether to auto-generate the user’s password or input it manually.This option is activated when the setting “Offer manual update of users” passwords on user form”on System Setup tab is set to True.

When “Set password manually” is selected, user can input both the password and retype password manually.

user form 2

Force Reset Password: Checking this button simply means, that the first time that the user logs in to Identify*Admin, he is forced to change his current Password to a new one. This can be used for situations, where his initial password was auto-generated and you want to make sure he changes it to one that does not exist as clear text. Its default status is affected by the setting ‘New users must change password first time they log on’ of its owner organization.

Owner Organization: The organization that the user is added to.

Group: If the user will inherit rights from a group, you can add the user to the group using this field. To read more about groups, please see Group Administration.

Send password email to user: This is only shown when creating new users. You are offered to have the system automatically send an email containing the password reset link to the new user informing him of his new auto-generated password as well as requesting he uses this to log in to change it to a password of his own choice.

Email claim type: multiple emails can be specified by using semicolon “;” between each email. The email value must be unique.

Other Information: The fields you will see here will depend on the claims that have been set up in the system.


Was this helpful ?Good Somewhat Bad