User Setup
User Setup defines registration and login behaviour for an application: which fields are allowed or required, how users can sign in, deduplication rules, and related options. In Trustdesk this lives under User Setup; applications reference a profile by ID via user_setup_id.
User Setup does not define field schemas. Field keys must first exist in Field Setup (fieldsetup-srv). User Setup only selects which of those keys apply to a given profile.
How User Setup relates to Field Setup and applications
| Layer | Trustdesk | Service | What it stores |
|---|---|---|---|
| Field definitions | User Setup → Field Setup | fieldsetup-srv | Field keys, types, validation, scopes |
| Registration profile | User Setup | user-srv | Allowed/required fields, login identifiers, registration rules |
| Application link | Integrations → Applications | app-srv | user_setup_id pointing to a User Setup profile |
Field Setup → User Setup profile → Application (user_setup_id)
(field keys) (allowed/required) (reference only)
Multiple applications can share one User Setup profile, or each app can use its own.
Where to configure
| Platform | Location |
|---|---|
| Trustdesk (cidaas 4.x) | User Setup |
| Legacy Admin Dashboard | Settings → Registration field settings (field definitions only; profiles via API or Trustdesk) |
Profile settings
Each User Setup profile (UserAppSetup in the API) has a name, optional description, and a nested user_setup object:
| Setting | Description |
|---|---|
| allowed_fields | Field keys users may provide at registration or profile update (for example email, given_name). Keys must exist in Field Setup. |
| required_fields | Field keys required at registration. Must be a subset of allowed_fields. |
| allow_login_with | Field keys accepted as login identifiers (defaults to email when omitted). |
| consent_refs | Consent template IDs (UUIDs) shown during registration or profile updates. |
| enable_deduplication | Enable account deduplication for this profile. |
| validate_email / validate_phone_number | Turn on format validation for email or phone fields. |
| auto_activate_user | Activate users immediately after registration; when false, an activation flow or manual step is required. |
| allow_disposable_email | Allow or block disposable email domains at registration. |
| accept_roles_in_the_registration | Allow roles to be specified during registration. |
| operations_allowed_groups | Groups and roles permitted to perform operations tied to this profile. |
Validation
On create and update, user-srv checks that every field key inallowed_fieldsandrequired_fieldsexists in Field Setup. Invalid keys are rejected.
Recommended workflow
- Define field keys in Field Setup.
- Create a User Setup profile that references those keys (Trustdesk User Setup or User Setup API).
- Create or update the application and set
user_setup_idto the profile ID. See App management.
Linking to an application
Applications store only the profile ID — not the full User Setup document:
| App field | API path to resolve |
|---|---|
user_setup_id | GET /user-srv/usersetup/{id} |
Configure this on the application under Integrations → Applications (Trustdesk) or via the App Configuration API.
API reference
User Setup is managed by user-srv under /user-srv/usersetup. Endpoint details, request schemas, and examples are in the User Setup API OpenAPI reference.
Access requires admin or developer roles (USERSETUP_MANAGER, USERSETUP_VIEWER, or APP_MANAGER) — there are no dedicated OAuth scopes for these endpoints.
Explore related topics
- Field settings — field definitions (prerequisite)
- Register user — registration flow
- Progressive registration
- App management — linking
user_setup_idon applications - Account deduplication — deduplication behaviour
For assistance, visit our Support Portal.