User management

This chapter explains basic details of what user objects are and what rules apply to their APIs.

User objects

  • Users represent people accessing applications on whose behalf Zato provides security mechanisms
  • Users may have access to one or more application
  • Users may send sign up requests to open an account
  • Users may be regular ones or super-users

All of the broader parts of the functionality can be turned on or off as needed, for instance, it is possible to disable the ability for users to sign up themselves. Read the configuration chapter for details.

The basic attributes of users are:

  • user_id
  • username
  • password
  • email
  • display_name, or
  • first_name, middle_name and last_name

Depending on needs, either display_name or first/middle/last name can be used - the very notion of first and other names may possibly not exist in a user’s culture, hence Zato can be configured enforce their existence or not.

Additional attributes:

  • app_list
  • attrs

In the context of SSO (Single-Sign On), users may have access to one or more applications - app_list describes to what a given user may log in or otherwise interact with.

Moreover, it is possible to attach an arbitrary set of key/value attributes to users, each attribute possibly encrypted and with an optional expiration time - they can be used to extend information about users to cover supplementary needs, such as timezone, a phone number or address.