
Users

Identity Cloud stores and provides a variety of information on your users.

Under Users, you can manage the following for the user:

User list

The user list gives you a secure and flexible overview, where you can browse basic user data.

User management

Directly from the user list, you can perform the following actions for a specific user:

You can reset the password, block, unblock, or delete a user in the user detailed view as well.

Name

Name gives you the full name of the user.

Email

Email shows you the email address entered at signup.

The email address is the foundation of the user account, which is used for verification, automatic account linking, and so on. Because of this, only one email address per user is allowed.

By default, users are sorted based on Email address.

Recent activity

Recent activity gives you the date and time of the last attempted login, regardless of whether it was successful.

If Recent activity is empty, it means that the signup process is incomplete: the user account is created but the user has not logged in for the first time.

Status

Status shows you whether the user is Active or Blocked.

The user is considered Active from user account creation, even if the user has not created a password yet.

note

After frequent login attempts in a short amount of time, either for the same user or for different users from the same IP address, the user is temporarily prevented from logging in for 15 minutes. During this time, the user is still considered Active in User management.

Create user

This scenario describes the admin-initiated user creation.

Under User management > Users, click Create user.

You can select the Language of the User invitation email. Your Language selection also determines the initial language setting of the signup flow for the user.

Enter the email address of the user to-be. To trigger an email with an invitation link for password setup, click Send invitation.

You can use each email address only once. If you already have a user registered with the same email address, an error message lets you know.


The invitation link leads to a page where the user can set their own password. This link is secure, and valid specifically for that one user, for one use, and for 7 days.

This is what password setup looks like on the user side:

Password setup

The newly created user appears according to the default sorting on the user list. Users are sorted based on Email address.

note

Even if the setup of the password or another credential is still pending, the user appears in the user list as Active.

The Recent activity field is populated once the user logs in for the first time.

Find user

In the top right corner of Users, use the search bar to find a user.

Enter at least three characters for the search to start.


You can search based on User ID.


You can search based on Name.


You can search based on Email.


Partial search also works.


You can reset the search with the x on the right side of the search bar.

note

You cannot search based on the Recent activity, Status, or User created parameters.

User detailed view

You can check and edit detailed personal information and authentication methods of a user.

Click the user, and you are navigated to the detailed view.


Personal data

In the Personal data tab, you can find basic user information.


First name and Last name

You can edit the First name and Last name of the user separately. They are displayed together as Name in the user list.

Email

You can copy or change the Email. If you change the Email, the user can log in with the new Email only.

Phone

You can update the Phone. If you change the Phone and Multi-factor authentication is switched on, the user can log in using the new Phone only.

User created

The User created date is displayed as well. Until the first login, the User created date is equal to the Recent activity date.

User ID

You can copy the User ID if needed. This is a unique, unchangeable identifier for the user.

Authentication methods

In the Authentication methods tab, you can delete authentication methods of a user if needed.

info

Social login and Multi-factor authentication are mutually exclusive. If you switch one on, the other automatically switches off.

Regardless of which is switched on, once a user has logged in with an authentication method, the authentication method is listed here.

For example, if Multi-factor authentication is switched on, the user currently cannot log in with Facebook, but that does not mean that the connection to the social login provider has to be set up again. Once Social login is switched on again, they can log in with Facebook again.


SMS

If you delete SMS, only the authentication method is deleted, but the Phone of the user is still available in the Personal data tab.

The user can set up SMS as an authentication method once again if they choose to.

Social login

If you delete any of the social login authentication methods, the connection to the social login provider for that user is deleted.

The user can add social login as an authentication method once again if they log in with a social login provider.

Using Apple login again after Apple login is deleted for a user

If you delete a user, they still have the permission in their Apple account.

If the user wants to sign up and use Apple login again, they have to stop using their Apple ID with the application first. For quick instructions, see the Apple documentation.


After that, they can use Apple login as before.

If social login is the only authentication method and you delete it, the user is asked to set a password at the next login.

Password

Password is the default authentication method.

The user does not need to set a Password if they sign up with social login.

If Password is the only authentication method and you delete it, the user is asked to set a password at the next login.

Recovery method

Single-use recovery codes are available to the user for login if they cannot use other Multi-factor authentication methods to log in. For example, they have SMS set up but their phone died.

If Multi-factor authentication is newly switched on, or the user used up all their recovery codes, a set of recovery codes is generated for the user during the next login. This is what it looks like on the user side:

Recovery codes

Roles

In the Roles tab, you can assign roles to a user or unassign them.


If you do not see any roles in the list, create your first role under Roles.

Reset password

On the user list, or in the detailed view of a user, you can reset the password of a user.

note

If you are in contact with the user, let them know that the password reset automatically logs them out, and the old password does not work anymore.

From the context menu on the user list, select Reset password.


Send a password reset link to the user.

info

For quick actions from the context menu in the detailed view, you do not have to click Save & Publish for changes to take effect.

The user gets an email with the password reset link. This link is secure, and valid specifically for that one user, for one use only, and for 7 days.

You can check the default content of the password reset email in Email templates.

note

The user may not find the link for some reason, for example, because the email has landed in the Spam folder. You can repeat the password reset if needed.

Block user

On the user list, or in the detailed view of a user, you can block a user from signing in. This is a reversible action.

From the context menu on the user list, select Block.

info

For quick actions from the context menu in the detailed view, you do not have to click Save & Publish for changes to take effect.

Notice how the user Status in the user list is now Blocked. You now have the option to unblock the user if needed.

info

The user does not get an email notification about the blocking.

Users who are blocked cannot log in or execute the Refresh Token flow. The following screen is shown to the user:

User Blocked screen

User sessions are not terminated, neither in Identity Cloud, nor in applications. Access tokens can still be used as long as they are not expired. Thus, we recommend setting a short lifetime for access tokens.
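
Because blocking does not revoke access tokens that are already issued, an application can close the remaining window itself. The following is an added example, not Identity Cloud code: it assumes access tokens are JWTs whose `sub`, `iat`, and `exp` claims have already been signature-verified, and that the application is told about blocks through its own process. The class and function names are hypothetical.

```python
import time

# Assumption: claims come from an already signature-verified JWT access token.
class BlockedUserDenylist:
    """Resource-server record of blocked user IDs (hypothetical helper)."""

    def __init__(self, max_token_lifetime):
        self.max_token_lifetime = max_token_lifetime  # seconds
        self._blocked_at = {}  # user ID -> epoch seconds of the block

    def block(self, user_id, now=None):
        self._blocked_at[user_id] = time.time() if now is None else now

    def unblock(self, user_id):
        self._blocked_at.pop(user_id, None)

    def blocked_at(self, user_id):
        return self._blocked_at.get(user_id)

    def purge(self, now):
        # Once one full token lifetime has passed since the block, every token
        # issued before it has expired, so the entry is no longer needed.
        for uid, t in list(self._blocked_at.items()):
            if now - t > self.max_token_lifetime:
                del self._blocked_at[uid]


def residual_exposure(claims, blocked_at):
    """Seconds the token stays usable after the block if nothing else checks it."""
    return max(0, claims["exp"] - blocked_at)


def check_access_token(claims, denylist, now):
    """Return (accepted, reason) for one API request."""
    if claims["exp"] <= now:
        return False, "expired"
    # Enforce the short lifetime; this is what makes purge() safe.
    if claims["exp"] - claims["iat"] > denylist.max_token_lifetime:
        return False, "lifetime exceeds policy"
    blocked_at = denylist.blocked_at(claims["sub"])
    if blocked_at is not None and claims["iat"] <= blocked_at:
        return False, "issued before user was blocked"
    return True, "ok"


# Constructed sample: a 5-minute token issued at t=1000; the user is blocked at t=1100.
SAMPLE = {"sub": "user-123", "iat": 1000, "exp": 1300}
```

With the sample values, the token would remain usable for 200 seconds after the block unless the application checks the denylist.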

Unblock user

On the user list, or in the detailed view of a user, you can unblock a blocked user.

From the context menu on the user list, select Unblock.

info

For quick actions from the context menu in the detailed view, you do not have to click Save & Publish for changes to take effect.

Notice how the user Status in the user list is now Active. You can block the user again if needed.

info

The user does not get an email notification about the unblocking; they can simply sign in as before the blocking.

Delete user

info

Once you delete a user, the user information is deleted from the database, and you cannot undo the action from User management.

If you click on the user, you can delete the user after a confirmation.

note

The email address can be reused after deletion.

The user can sign up with the same email address, or you can create the user again if needed.