Skip to main content
Open

Simplify IAM User Management for Customer Access through End Application

Related products:Intelligent Application ManagerThinkstore
  • November 11, 2024
  • 3 replies
  • 96 views
M
Vanguard
Forum|alt.badge.img+3

As a developer I want to simplify the management of IAM users within my end application,
so that customer access to their data can be administered more efficiently, and user creation and permission assignment in IAM are automated.
 

We have an application that we will make accessible to customers so they can view and retrieve their own data.

Therefore, users need to be created in IAM with the appropriate permissions.

I would like to simplify this process. I want to be able to provide (a JSON file for example) which users I have, their attributes, and the groups they belong to, and have IAM handle the process automatically.

Currently, I need to figure out which IAM APIs are available and set up a mechanism to handle this. This is time-consuming and error-prone, so I think it would be ideal to develop standard functionality to optimize this process.

3 replies

Jeroen van den Belt
Administrator
Forum|alt.badge.img+10
NewOpen
Arie V
Community Manager
Forum|alt.badge.img+12
  • Arie V
  • Community Manager
  • November 30, 2025
The following idea has been merged into this idea:

All the votes have been transferred into this idea.
Arie V
Community Manager
Forum|alt.badge.img+12
  • Arie V
  • Community Manager
  • November 30, 2025

Input from ​@Anne Buit from the merged topic:

We’d like to limit the number of session variables as much as possible. While they are small and lightweight, they have to be initialized for every single database call.

Volatile data such as the user id, user ip, session id, original login, effective application language (subject to fallback mechanisms) and the application id (there may be multiple per application database) are chosen as session variables as you cannot retrieve them from elsewhere.

Any data which can be derived from IAM, such as the user name, e-mail address, user group membership and such we’d rather load on-demand or synchronize between IAM and the application database.

Generally, an administration of users is always present within an application database. For instance, to link users to cases, projects, planning and such. A duplicate administration (add the user to IAM, add the user to the product database) is a hassle.

Our advice would be to set up a scheduled system flow which duplicates the necessary user data from IAM into your product database using an application connector.

@Robbert van Tongeren agreed to convert this to an idea for the Thinkstore to offer a plug-and-play user synchronization mechanism for user id, name, email?

 

Plan is indeed to work on proper IAM APIs and a Thinkstore model to easily integrate your custom application with IAM.

Robbert van Tongeren
Mark Jongeling
Terms & ConditionsCookie settingsAccessibility statement