The data model of the Soffid objects is mapped to JSON objects to enable the data transport between client and server.

Below you will find, for every resource, a table describing its attributes and a full JSON example.

/User

Dictionary table

| Attribute | Type | Required | Updatable | Description | Additional comment |
|---|---|---|---|---|---|
| id | Long | Yes | - | Primary key of the user | |
| userName | String | Yes | Yes | User name used to identify a user, for internal management and access to applications | User name must be unique |
| firstName | String | Yes | Yes | First name of the user | |
| lastName | String | Yes | Yes | First surname | |
| middleName | String | - | Yes | Used as second surname | |
| fullName | String | - | - | firstName + lastName + middleName | |
| shortName | String | - | Yes | Mail of the user, without the domain | The mail is created with the following pattern: shortName + '@' + mailDomain |
| createdDate | Calendar | - | - | User creation date | |
| modifiedDate | Calendar | - | - | Last modification date of any user attribute | |
| createdByUser | String | - | - | User that created the user | |
| modifiedByUser | String | - | - | User that last modified the attributes of this user | |
| active | Boolean | - | Yes | User active or disabled | If you omit this attribute in the create operation, the value defaults to false |
| multiSession | Boolean | - | Yes | Allows several sessions with Soffid ESSO | When the value is false and the user logs in while another session is active, the SSO closes the previous one |
| comments | String | - | Yes | Comments about the user | |
| userType | String | Yes | Yes | User type assigned to the user, by default "I" | New user types can be created in the IAM Console (Soffid Configuration > User and passwords domains, User type tab) |
| profileServer | String | Yes | Yes | Server which hosts the user profile. It is linked to Roaming UserProfile on Active Directory | Servers are managed in the IAM Console (Resource Management > Technological Resources > Hosts). In the installation of Soffid a "null" server is created to be used by default |
| homeServer | String | Yes | Yes | Server which hosts the user folder. It is linked to the Home Drive attribute on Active Directory | Servers are managed in the IAM Console (Resource Management > Technological Resources > Hosts). In the installation of Soffid a "null" server is created to be used by default |
| mailServer | String | Yes | Yes | Server which hosts the user mail | Servers are managed in the IAM Console (Resource Management > Technological Resources > Hosts). In the installation of Soffid a "null" server is created to be used by default |
| nationalID | String | - | Yes | ID card of the user | For example the NIF or NIE |
| phoneNumber | String | - | Yes | Phone number of the user (company or personal) | |
| mailAlias | String | - | Yes | List of mails separated by comma | The domain of the mails must be valid. Mail domains are managed in the IAM Console (Resource Management > Information Systems > Mail Domains) |
| mailDomain | String | - | Yes | Mail domain used in the mail of the user | Mail domains are managed in the IAM Console (Resource Management > Information Systems > Mail Domains) |
| primaryGroup | String | Yes | Yes | ID of the primary group to which the user is assigned | Groups are managed in the IAM Console (Resource Management > Human Resources > Groups) |
| primaryGroupDescription | String | - | Yes | Description of the primary group to which the user is assigned | Groups are managed in the IAM Console (Resource Management > Human Resources > Groups) |
| consoleProperties | ConsoleProperties: id (Long), userName (String), lastLoginDate (Calendar), version (String), bookmarks (Collection<String>), preferences (Map), lastIP (String), language (String) | - | - | Internal properties for the IAM Console | These properties are created the first time the user accesses the IAM Console |
| password | String | - | Yes | Password used with the userName to access applications | Password is not returned in searches; it is only used in PATCH and PUT methods |
| attributes | Map<String, Object>: "attribute" : "value" | - | Yes | Additional data assigned to the user | Attributes are managed in the IAM Console (Soffid Configuration > Additional Data). Values are managed in the IAM Console (Resource Management > Human Resources > Users) |
| meta | ScimMeta: resourceType (String), created (Date), lastModified (Date), location (String) | - | - | Additional information recommended in the SCIM definition. resourceType: resource requested (in this case "User"); created: user creation date; lastModified: last modification date of any user attributes; location: URL of the resource (<domain>/webservice/scim/User/<id>) | These attributes are returned in the response. These attributes are not updatable |
| secondaryGroups | List<JsonSecondaryGroup>: id (Long), group (String), groupDescription (String) | - | Yes | Secondary groups assigned to the user. id: id of the group; group: name of the group (unique); groupDescription: description of the group | Groups are managed in the IAM Console (Resource Management > Human Resources > Groups). Secondary groups are managed in the IAM Console (Resource Management > Human Resources > Users) |
| accounts | List<JsonAccount>: id (Long), name (String), system (String) | - | Yes | Accounts created for the user to access applications. id: id of the account; name: name of the account (unique); system: system to assign access | Accounts are managed in the IAM Console (Resource Management > Human Resources > Users, Account tab). Systems are managed in the IAM Console (Resource Management > Information Systems > Applications) |
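
A client-side check built from the Required and Updatable columns of the /User table above, as an added example that is not part of the Soffid documentation: it lints a create body before it is sent and masks the password before the body is logged. It assumes `id` is assigned by the server on create and that the caller supplies the mail domains configured in the IAM Console; `lint_user_create`, `redact` and the sample body are hypothetical.

```python
import copy

# Transcribed from the /User dictionary table. Required = Yes, with id left
# out on the assumption that the server assigns it on create.
REQUIRED = {"userName", "firstName", "lastName", "userType", "profileServer",
            "homeServer", "mailServer", "primaryGroup"}
# Attributes whose Updatable column is "-".
READ_ONLY = {"id", "fullName", "createdDate", "modifiedDate", "createdByUser",
             "modifiedByUser", "consoleProperties", "meta"}
OPTIONAL = {"middleName", "shortName", "active", "multiSession", "comments",
            "nationalID", "phoneNumber", "mailAlias", "mailDomain",
            "primaryGroupDescription", "password", "attributes",
            "secondaryGroups", "accounts"}

def lint_user_create(payload, mail_domains):
    """Return findings for a /User create body; an empty list means clean."""
    sent = set(payload)
    findings = [f"missing required attribute: {n}" for n in sorted(REQUIRED - sent)]
    findings += [f"read-only attribute sent: {n}" for n in sorted(sent & READ_ONLY)]
    findings += [f"unknown attribute: {n}"
                 for n in sorted(sent - REQUIRED - READ_ONLY - OPTIONAL)]
    if "active" not in sent:
        findings.append("active omitted: defaults to false on create")
    # mailAlias is a single comma-separated string of addresses.
    for alias in (a.strip() for a in payload.get("mailAlias", "").split(",")):
        if alias and ("@" not in alias
                      or alias.rpartition("@")[2] not in mail_domains):
            findings.append(f"mailAlias with invalid domain: {alias}")
    return findings

def redact(payload):
    """Deep copy that is safe to log: the password value is masked."""
    safe = copy.deepcopy(payload)
    if "password" in safe:
        safe["password"] = "***"
    return safe

# Constructed sample body, not taken from the Soffid documentation.
SAMPLE = {
    "userName": "jdoe", "firstName": "John", "lastName": "Doe", "userType": "I",
    "profileServer": "null", "homeServer": "null", "mailServer": "null",
    "fullName": "John Doe", "password": "constructed-secret",
    "mailAlias": "john@example.com, jd@other.test",
}

if __name__ == "__main__":
    for finding in lint_user_create(SAMPLE, {"example.com"}):
        print(finding)
    print(redact(SAMPLE))
```
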

 

Full JSON example

 

/Group

Dictionary table

| Attribute | Type | Required | Updatable | Description | Additional comment |
|---|---|---|---|---|---|
| id | Long | Yes | - | Primary key of the group | |
| name | String | Yes | Yes | Name used to identify a group | Name must be unique |
| quota | String | - | Yes | Quota allocated to the shared folder | |
| description | String | Yes | Yes | Description of the group | |
| parentGroup | String | - | Yes | Name of the parent group | Only the root group has no value. The groups have a tree structure |
| type | String | - | Yes | ID of the organizational unit type | Organizational unit types are managed in the IAM Console (Resource Management > Human Resources > Organizational unit) |
| driveLetter | String | - | Yes | Drive letter used to get access to this group's drive | This shared folder can be mounted on ESSO hosts by using a startup script. Only one character is allowed |
| driveServerName | String | - | Yes | File server to store this group's drive | Only applies when used in combination with shared folder agents and script logons. If specified, a shared folder for this group will be created. |
| obsolete | Boolean | - | Yes | Group active (false) or disabled (true) | |
| organizational | Boolean | - | Yes | Group (business unit) type | |
| section | String | - | Yes | Cost center name | |
| meta | ScimMeta: resourceType (String), created (Date), lastModified (Date), location (String) | - | - | Additional information recommended in the SCIM definition. resourceType: resource requested (in this case "Group"); created: user creation date; lastModified: last modification date of any user attributes; location: URL of the resource (<domain>/webservice/scim/Group/<id>) | These attributes are returned in the response. These attributes are not updatable |
| attributes | Map<String, Object>: "attribute" : "value" | - | No | Additional data assigned to the group | Attributes are defined in the IAM Console (Soffid Configuration > Additional Data). Values are managed in the IAM Console (Resource Management > Human Resources > Groups) |

 

Full JSON example

 

/Account

Dictionary table

| Attribute | Type | Required | Updatable | Description | Additional comment |
|---|---|---|---|---|---|
| id | Long | Yes | - | Primary key of the account | |
| name | String | Yes | Yes | Name used to identify the account | |
| description | String | | Yes | Description of the account | |
| type | AccountType | Yes | Yes | Account type. Values: U, S, P or I | U=user, S=shared, P=privileged, I=Ignored. To create a user type account, a single user must be specified in the ownerUsers attribute |
| system | String | - | Yes | System to assign access | Systems are managed in the IAM Console (Resource Management > Information Systems > Applications) |
| lastUpdated | Calendar | - | No | Last time | |
| lastPasswordSet | Calendar | - | No | ¿? | |
| passwordExpiration | Calendar | - | No | ¿? | |
| disabled | boolean | - | Yes | Account active (false) or disabled (true) | |
| passwordPolicy | String | Yes | Yes | User type assigned to the user, by default "I" | New user types can be created in the IAM Console (Soffid Configuration > User and passwords domains, User type tab) |
| vaultFolderId | Long | - | Yes | ¿? | |
| vaultFolder | String | - | Yes | ¿? | |
| inheritNewPermissions | boolean | - | Yes | ¿? | |
| loginUrl | String | - | Yes | ¿? | |
| attributes | Map<String, Object> | - | Yes | ¿? | |
| grantedGroups | Collection<Group> | - | Yes | ¿? | |
| grantedUsers | Collection<User> | - | Yes | ¿? | |
| grantedRoles | Collection<Group> | - | Yes | ¿? | |
| managerGroups | Collection<Role> | - | Yes | ¿? | |
| managerUsers | Collection<User> | - | Yes | ¿? | |
| managerRoles | Collection<Role> | - | Yes | ¿? | |
| ownerGroups | Collection<Group> | - | Yes | ¿? | |
| ownerUsers | Collection<User> | - | Yes | ¿? | |
| ownerRoles | Collection<Role> | - | Yes | ¿? | |
| password | String | - | Yes | ¿? | |
| roles | List<RoleDomain>: role (Long), domainValue (String) | - | Yes | List<RoleDomain>. role: id of the role; domainValue: value of the domain | ¿? |
| meta | ScimMeta: resourceType (String), created (Date), lastModified (Date), location (String) | - | | Additional information recommended in the SCIM definition. resourceType: resource requested (in this case "Account"); created: user creation date; lastModified: last modification date of any user attributes; location: URL of the resource (<domain>/webservice/scim/Account/<id>) | These attributes are returned in the response. These attributes are not updatable |

 

Full JSON example
