User Repository Identity Service

With the Enhanced User Repository identity service, you can create multiple instances in the same account. An instance of the User Repository type can contain a custom set of users. You can use one service for authentication of multiple apps, use them individually, or share the service across multiple apps.

Admins and Members are the default groups available in each User Repository identity service instance. A user must be part of a group in an instance. By default, all users are associated with the Members group. This authentication service follows the same conventions as other Quantum Fabric services.

Use Case 1 - Creating multiple instances of User Repository Identity Service

For example, you have created two apps: Employees and citizenIDStore. You want to create separate login credentials for these apps and publish them to one environment in the same account, so that each set of users can access only the app it is authenticated for in that account. You can use the User Repository Identity Service type to achieve this.

  • Here, you create an EmployeeUserRepository identity service instance, associate it with the Employees app, and publish the app to a Staging environment. Now all users in the EmployeeUserRepository can only access the Employees app from the Staging environment, in that account.
  • Similarly, you create another instance of the identity service, citizenUserRepository, associate it with the citizenIDStore app, and publish the app to the Staging environment. Now all users in the citizenUserRepository can only access the citizenIDStore app from the Staging environment.

NOTE: Users from a particular User Repository can only access the app associated with it.

The following flow diagram explains the usage of User Repository authentication in Quantum Fabric.

NOTE: NTLM authentication is not supported by User Repository identity service.

Creating a User Repository Identity Service

To configure an identity service using User Repository, follow these steps:

  1. In Quantum Fabric Console, from the left pane, click Apps.
  2. In the Fabric Apps page, click ADD NEW. By default, the Configure Services tab is selected. A new app is added, and you are directed to the Identity page of the new app.
  3. Click CONFIGURE NEW.

    NOTE: For more details on Identity Service Designer page, refer to Identity service designer.

  4. Specify a name for the service in the Name text box.
  5. From the Type of Identity list, select User Repository.

  6. Click SAVE.
  7. Click Advanced to provide additional configuration of your service definition:
    • You can enable or disable the integrity check for an identity service at the provider level. If the integrity check is disabled at the provider level, the provider is meant for server-to-server communication only. To disable the integrity check, in Advanced, select the Restrict to Fabric Server to Server Authentication check box. This setting blocks a traditional client app from using the identity service. It only allows the identity service to be used from a Quantum Fabric Server to authenticate and invoke services.
    • Concurrent User Logins: Select one of the following three options to configure concurrent user login sessions. For more information, refer to Concurrent User Logins.
      • Allow concurrent user sessions (no restrictions): When this option is selected, an app user with unique credentials is allowed to have multiple apps from different instances.
      • Allow only one active user session per app: Logging into simultaneous instances of the same app is not supported. When this option is selected, an app user can log in to only one instance of client apps linked to a specific Fabric app which has the identity service linked.
      • Allow only one active user session across all apps: Logging in to simultaneous instances of the same app or across apps is not supported. When this option is selected, a unique app user can log in to only one instance of client apps linked to all Fabric apps using the identity service.

        IMPORTANT: Apps enabled for SSO will not work if the option Allow only one active user session across all apps is selected.

The Users List page appears with the IMPORT USERS and ADD USERS buttons, which you can use to add users or import users into the User Repository identity service.

Adding a User with a Group to a User Repository

To add a user to the User Repository, follow these steps:

  1. After you create a user repository identity service, click ADD USER.

Importing users to a User Repository

You can add multiple users to the Quantum Fabric console through a CSV file in the Import Users window.

To import users to a User Repository, follow these steps:

  1. After you create a user repository identity service, click IMPORT USERS. The Import Users dialog appears.

Exporting Users from a User Repository

You can export the existing users of the user repository to a .CSV file. The .CSV file contains users with record-level data in tabular form, such as Email, First Name, Last Name, Password, Phone, Status, and Groups.

NOTE: When you export users from a user repository, the content of the Password field is not exported.

NOTE: A maximum of 10000 users can be exported at a time.

You can import users from the exported .CSV file into another user repository identity service. Before importing the .CSV file, ensure that you fill in the password for all users in the file.

To export users of the User Repository to an Excel file, do the following:

  1. Go to Fabric Console, and navigate to the app.
  2. In the Configure Services > Identity tab of the app, click the user repository identity service. The User Repository identity services details are displayed.
  3. Click EXPORT.
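
Because the export leaves the Password field empty and an import needs it filled for every user, the following sketch prepares an exported file for import. It is an added example, not part of the Quantum Fabric documentation or tooling; the column header names, the use of Email as the unique key, the password rules and the sample rows are assumptions.

```python
import csv
import io
import secrets
import string

# Assumption: header names match the fields this page lists for the export.
COLUMNS = ["Email", "First Name", "Last Name", "Password", "Phone", "Status", "Groups"]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

def temp_password(length=16):
    """Random temporary password with upper, lower, digit and symbol (assumed policy)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw

def prepare_import(exported_csv):
    """Return (import_csv_text, problems) for an exported user list."""
    reader = csv.DictReader(io.StringIO(exported_csv))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, extrasaction="ignore",
                            lineterminator="\n")
    writer.writeheader()
    seen, problems = set(), []
    for line_no, row in enumerate(reader, start=2):
        email = (row["Email"] or "").strip().lower()
        if not email or email in seen:  # Email assumed to be the unique key
            problems.append(f"line {line_no}: missing or duplicate email")
            continue
        seen.add(email)
        if not (row["Groups"] or "").strip():
            row["Groups"] = "Members"  # page: every user belongs to a group
        if not (row["Password"] or "").strip():
            row["Password"] = temp_password()  # unique per user, never shared
        writer.writerow(row)
    return out.getvalue(), problems

# Constructed sample export: the Password column is empty, as the page states.
SAMPLE = (
    "Email,First Name,Last Name,Password,Phone,Status,Groups\n"
    "ana@example.com,Ana,Ruiz,,555-0100,ACTIVE,Admins\n"
    "bo@example.com,Bo,Lee,,555-0101,ACTIVE,\n"
    "ana@example.com,Ana,Ruiz,,555-0100,ACTIVE,Admins\n"
)
```

The resulting file holds plaintext passwords, so write it with owner-only permissions, delete it after the import, and have users change the temporary password at first login.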

Editing or Deleting a User from a User Repository Identity Service

To edit a user from the User Repository, follow these steps:

  1. From the Identity tab of an app, click the required user repository service. The list of users is displayed.
  2. Click the More Options button next to the user.
    • To edit a user, do the following:
      1. Click Edit User Details. The Edit User window appears.
      2. Enter the required details.
      3. Click the EDIT USER button.
    • To delete a user, do the following:
      1. Click Delete. The Delete User confirmation window appears.
      2. Click the DELETE button.

Cloning a User Repository Identity Service

  1. Go to the Identity tab of the app in Quantum Fabric. The page lists the existing services (if any).
  2. Click the More Options button next to the identity service of type User Repository.

  3. Click Clone. When you clone a user repository identity service, all users added in the first service are present in the cloned service as well.

    IMPORTANT: When you click Clone, a new system-generated name appears for the cloned identity service in the list. The new name remains in edit mode until you click anywhere else on the screen, so you can rename it if you want. Changes made to a cloned identity service do not impact the original service.

Reset Password

If you have used the User Repository identity service to authenticate and build your app by using MF-SDKs, and you forget your password to access the app, you can reset your password based on your registered email ID. Refer to Reset Password for Authentication based on User Repository Identity Service.

NOTE: For more information on how you can integrate Quantum OAuth Provider, User Repository, and OAuth 2.0 Identity services to create a basic login form, refer to a Base Camp article: Exploring Quantum OAuth Provider.