groupNroles
cidaas user groups and roles API
cidaas user groups is a facility that places users in groups, where a user may have group-specific roles. A user's membership in a group can be used to structure users and to control the user's access rights. User groups and roles can be used to grant access to an app (client); see app management.
User group management consists of four different entities:
- role: A role, once set up, is used to restrict access to a system. cidaas has predefined roles, and further roles can be freely added in settings.
- groupType: A group type is used to tag a user group and to control the usage of roles in the user group, for instance by defining the allowed roles.
- userGroup: The user group setting defines the group by its groupType, a groupId and a groupName. A user group may also have additional custom fields, for instance when the user group should carry additional semantics such as an external reference to a group in your backend systems. This can be configured in the admin portal or by using this API.
- userGroupRelation: This relation holds the association between the user (sub) and the user group. It records when the user became a member of the user group, and it may contain the role(s) of the user.
The webhook is called (triggered) when an event occurs for which the webhook is registered.
Maintaining roles, group types and user groups is an administrative task, whereas the assignment of users to a user group may be handled by central administration, by cidaas control flows (for example, assigning a user to a group when the user registers) or by delegated group administrators.
The APIs are described per entity. Although user account management is kept separate from user groups, the search facility of users-srv provides the user groups and roles of a user. The groups-srv services can be used to query roles, group types and group settings. Users (sub) are also returned, but if detailed user information is needed, it is recommended to filter through users-srv by user criteria or by group IDs.
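The entity model above implies a consistency rule that is worth auditing: every role in a userGroupRelation should be a defined role and should be allowed by the groupType of its user group. The following is an added example, not cidaas code; the field names (`allowedRoles`, `groupType`, `groupId`, `roles`, `sub`), the role names and all records are constructed assumptions and not the cidaas API schema.

```python
# Added example, not cidaas code. Field names, role names and every record
# below are constructed assumptions used to illustrate the entity model.
ROLES = {"GROUP_ADMIN", "MEMBER", "AUDITOR"}
GROUP_TYPES = {"department": {"allowedRoles": {"GROUP_ADMIN", "MEMBER"}}}
USER_GROUPS = {"sales-eu": {"groupName": "Sales EU", "groupType": "department"}}
RELATIONS = [
    {"sub": "user-1", "groupId": "sales-eu", "roles": ["MEMBER"]},
    {"sub": "user-2", "groupId": "sales-eu", "roles": ["AUDITOR"]},    # not allowed by type
    {"sub": "user-3", "groupId": "sales-eu", "roles": ["SUPERUSER"]},  # undefined role
    {"sub": "user-4", "groupId": "legacy", "roles": ["MEMBER"]},       # dangling group
]

def audit_relations(roles, group_types, user_groups, relations):
    """Return (sub, groupId, problem) for each relation that violates the model."""
    findings = []
    for rel in relations:
        group = user_groups.get(rel["groupId"])
        if group is None:
            findings.append((rel["sub"], rel["groupId"], "unknown userGroup"))
            continue
        gtype = group_types.get(group["groupType"])
        if gtype is None:
            findings.append((rel["sub"], rel["groupId"], "unknown groupType"))
            continue
        for role in rel["roles"]:
            if role not in roles:
                problem = f"undefined role {role}"
            elif role not in gtype["allowedRoles"]:
                problem = f"role {role} not allowed by groupType {group['groupType']}"
            else:
                continue
            findings.append((rel["sub"], rel["groupId"], problem))
    return findings

def has_role(relations, findings, sub, group_id, role):
    """Deny by default: grant only via an explicit relation with no audit finding."""
    flagged = {(s, g) for s, g, _ in findings}
    return any(
        r["sub"] == sub and r["groupId"] == group_id and role in r["roles"]
        and (sub, group_id) not in flagged
        for r in relations
    )

if __name__ == "__main__":
    for finding in audit_relations(ROLES, GROUP_TYPES, USER_GROUPS, RELATIONS):
        print(finding)
```
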
Authentication
- OAuth 2.0: oauth2
| Security Scheme Type | oauth2 |
|---|---|
| OAuth Flow (authorizationCode) | Token URL: https://domain/token-srv/token; Authorization URL: https://domain/authz-srv/authz; Refresh URL: https://domain/token-srv/token; Scopes: |
| OAuth Flow (clientCredentials) | Token URL: https://domain/token-srv/token; Scopes: |
| OAuth Flow (implicit) | Authorization URL: https://domain/authz-srv/authz; Scopes: |
Terms of Service
https://www.cidaas.com/terms-of-use/