Manage users in Semarchy xDM

Users in Semarchy xDM are all the individuals who interact with the platform, including administrators, designers, and business users.

User authentication

Users authenticate using an identity provider, which may be:

  • the Internal Identity Provider, which stores users and roles in the Semarchy xDM platform.

  • a third-party identity provider for single sign-on.

A user uses a login form or the third-party identity provider login experience to log into the Semarchy xDM platform.

Through the login process:

Roles vs. groups

Certain identity providers have a notion of Group. Depending on the identity provider configuration, these groups are returned in the effective roles for the user.

Create a user

You must create users connecting to Semarchy xDM using the Internal Identity Provider. When creating these users, you define their password.

You may also create users connecting to Semarchy xDM using a third-party identity provider, to invite them to use Semarchy xDM. This operation provisions the users without passwords since the user authentication is performed by the third-party identity provider.

To create a user:

  1. In Configuration, select Users in the navigation drawer.
    The Users list opens.

  2. Click on the Add User floating action button in the lower-right corner of the screen.

  3. In the Add User dialog, enter the Username.

  4. Select one or more Assigned Roles for this user. These roles will be given to this user in addition to those returned by the authentication process.

  5. Set the First Name, Last Name, and Email for this user. You do not need to set these if the identity provider the user will log in with synchronizes this information.

  6. Select Send invite to send an invite email to this user.

    To send an invite, a mail notification server must be configured as the Default Notification Server, and the Email must be set for the user.

  7. If the user will authenticate using the internal identity provider:

    • Expand the Authentication Setting section, and select Enable internal authentication.

    • Enter a Password for the user, and optionally select Ask for a password change at the next login to force the user to change that password at the next login.

  8. Click CREATE.

The new user is created and the sidesheet opens for this user.

Automate user creation from SSO

When a user connects to Semarchy xDM using a third-party identity provider, they receive the roles defined in the identity provider configuration, including the default roles and those granted in the identity provider.

Users with the appropriate roles after this authentication can access the platform and their user information is automatically created.

A simple way to enable this is to set baseline roles, for example the semarchyConnect role, in the identity provider’s Default Roles.

Modify the assigned roles

A user authenticating with an identity provider receives the roles configured for that identity provider, which include:

  • The Default Roles given to all users, as defined in the identity provider configuration.

  • The roles or groups returned by the identity provider as well as those returned via the Role Mapping mechanism.

In addition, you can assign roles to that specific user in Semarchy xDM. These role assignments are stored in Semarchy xDM.

A user connecting with the internal identity provider only receives the default roles defined for that IDP, plus those assigned in Semarchy xDM.

To modify the roles assigned to a user:

  1. In the Users list, select the user. The side sheet opens with this user’s information.

  2. In the sidesheet header, select Assign Roles.

  3. Select or remove the Assigned Roles for this user.

  4. Click ASSIGN.

Configure internal authentication

A user may be allowed to connect using the Internal Identity Provider.

  • When this option is enabled, the user can log in through a login form with a password stored in Semarchy xDM.

  • When this option is disabled, the user is only able to log in using a third-party identity provider in which a user with the same name is defined.

To configure internal authentication for a user:

  1. In the Users list, select the user. The side sheet opens with this user’s information.

  2. In the sidesheet header, select Configure Internal Authentication.

  3. Select or unselect Enable Internal Authentication.

  4. If you enable the internal authentication for the user, enter a Password for the user.

    • Optionally select Ask for a password change at the next login to force the user to change that password at the next login.

    • Optionally select Send invite to send an email to this user with their password.

      To send the password by email, a mail notification server must be configured as the Default Notification Server, and the Email must be set for the user.

  5. Click APPLY.

A user defined in a third-party identity provider and having Enable Internal Authentication selected will be able to connect with both the third-party identity provider and the Semarchy xDM password.

This is not a recommended configuration since the roles assigned to that user may vary depending on the authentication method. Preferably use different sets of users for the internal identity provider and the third-party identity providers.
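
The role resolution described under "Modify the assigned roles" and the dual-authentication caveat above can be checked offline against an export of users. The following is an added example, not Semarchy code: the data model, every role and group name other than semarchyConnect, and the assumption that the identity provider returns groups as roles are hypothetical.

```python
# Added example: hypothetical data model, not the Semarchy xDM API.
from dataclasses import dataclass, field

@dataclass
class IdentityProvider:
    default_roles: set                                  # given to every user of this IdP
    role_mapping: dict = field(default_factory=dict)    # IdP group -> xDM role

@dataclass
class User:
    username: str
    assigned_roles: set                                 # stored in xDM, always added
    idp_groups: set = field(default_factory=set)        # returned by the third-party IdP
    internal_auth: bool = False                         # Enable Internal Authentication
    in_third_party_idp: bool = False

def effective_roles(user, idp, internal):
    """Roles a user receives for one login path."""
    roles = set(idp.default_roles) | user.assigned_roles
    if not internal:
        # Assumption: the IdP is configured to return groups as roles.
        roles |= user.idp_groups
        roles |= {idp.role_mapping[g] for g in user.idp_groups if g in idp.role_mapping}
    return roles

def audit_dual_auth(users, internal_idp, sso_idp):
    """Return (username, roles only via SSO, roles only via password) for dual-auth users."""
    findings = []
    for u in users:
        if not (u.internal_auth and u.in_third_party_idp):
            continue
        via_pw = effective_roles(u, internal_idp, internal=True)
        via_sso = effective_roles(u, sso_idp, internal=False)
        if via_pw != via_sso:
            findings.append((u.username, sorted(via_sso - via_pw), sorted(via_pw - via_sso)))
    return findings

# Constructed sample data; only semarchyConnect comes from the page.
INTERNAL = IdentityProvider(default_roles={"semarchyConnect"})
SSO = IdentityProvider(default_roles={"semarchyConnect"},
                       role_mapping={"mdm-stewards": "DataSteward"})
USERS = [
    User("alice", {"Reviewer"}, {"mdm-stewards"}, internal_auth=True, in_third_party_idp=True),
    User("bob", set(), {"mdm-stewards"}, in_third_party_idp=True),
    User("carol", {"Reviewer"}, internal_auth=True),
    User("dave", {"Reviewer"}, internal_auth=True, in_third_party_idp=True),
]

if __name__ == "__main__":
    for name, only_sso, only_pw in audit_dual_auth(USERS, INTERNAL, SSO):
        print(f"{name}: SSO-only roles {only_sso}, password-only roles {only_pw}")
```

Only users who can use both login paths and whose role sets differ between them are reported; these are the accounts to split into separate internal and third-party users.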

Manage users with the REST API

Endpoints are available on the Semarchy xDM REST API to manage users.

For more details, refer to the REST API documentation.