Identity and Access
Users are the primary way to identify and authorize systems and individuals within the Kinetic Platform. Users within Kinetic can be created manually by other users that have permissions to create new users, or automatically by configuring the platform to authenticate against an IDP (Identity Management Provider) using common protocols like SAML.
Fundamentally, users must exist within the system in order to interact with areas of the system that require authentication. All users within Kinetic are scoped to a space, and no users are shared between spaces.
Each user within the system has the following properties by default:
- Username (unique identifier)
- Email Address
- Display Name (a friendly name that can be displayed throughout the application)
- Enabled (if not enabled, the user won't be able to authenticate and use the system)
- Space Admin (space admin permissions are like root permissions that bypass all other security within the space)
- Allowed IP Addresses (a comma separated list of IP addresses that the user can connect from)
- Preferred Locale (if not set, the users locale is inherited from the default locale set on the space)
The User object within the Kinetic Platform is commonly extended to capture additional metadata about the user with attributes. Common user attributes are the users manager, or app specific preferences.
Users can also be associated with Teams (or groups of users) within the platform as a way to define roles and permissions, or memberships for notifications and assignments.
Roles are a way of giving users permissions. Roles work are, at the platform level, special teams that work together with the security definitions to determine a user's access. Roles give access, they do not take it away. A user without any roles would have no access within the platform.
When a user is created, any existing roles are available to select to give to the user.
Users are given the opportunity to upload an image of themselves to use for identification within the system, their avatar. This image will appear as part of their header, on their profile, and will display as a representation of them when they are listed as a member of a team. If a user has no avatar uploaded, you will see an "empty" image:
There are two types of attributes for user, profile attributes and user attributes. Profile attributes are those items the user can update themselves, such as last name and phone number. User attributes are those items that the user does not have permission to update, such as their department or their manager.
Passwords are entirely within the user's control. They can set or reset their password at any time via the login screen.
Updated 30 days ago